Top Leaderboard, Site wide
Truthdig: Drilling Beneath the Headlines
July 24, 2017 Disclaimer: Please read.
x

Statements and opinions expressed in articles are those of the authors, not Truthdig. Truthdig takes no responsibility for such statements or opinions.


Truthdig Bazaar
On Loyalty

On Loyalty

Troy Jollimore
24.38

more items

 
Ear to the Ground
Email this item Print this item

Hijacking Cellphones Isn’t Nearly As Hard as It Should Be

Posted on Aug 7, 2014

Shutterstock

Hacking into cellphones, or staging a hostile takeover, doesn’t require a lot of fancy tricks or even that many steps, according to two experts who sounded the alarm Wednesday at a security conference in Las Vegas.

According to Mathew Solnik and Marc Blanchou of Accuvant Labs in Denver, the vulnerability lies in cellphone carriers’ reliance upon the Open Mobile Alliance Device Management (OMA-DM) protocol, which is currently a bit more “open” than it should be.

Also read: T-Mobile Slapped With FTC Lawsuit for Phony Charges

The two experts made their case at the BlackHat conference, and Tom’s Guide relayed their startling findings Thursday:

OMA-DM is used by cellular carriers worldwide to provision, troubleshoot and send software updates to phones. For example, if you bought an Android phone from a carrier rather than from Google, Blanchou and Solnik explained, then the phone’s software updates come through OMA-DM. (Most iPhones and iPads do not use the standard, except for devices sold by Sprint.)

Yet the security of those software updates can be trivial to bypass. Many carriers verify updates with a “signature” that is a combination of the targeted device’s unique ID number and a secret encoding token, but some carriers, the researchers said, use a single token for all updates to all devices on their networks.

[...] The phones’ regular communications with the carriers’ OMA-DM servers are also vulnerable. Due to poor implementation of secure-transmission standards, it’s often possible to stage “man-in=the-middle” attacks in which a hacker secretly intercepts and modifies messages traveling between the phone and the carrier.

What’s more, the report added, tablets and laptops, along with some vehicles, are also susceptible to this kind of hacking, and the problems are increasing as carriers switch to 4G networks. Fasten your seat belts.

—Posted by Kasia Anderson


New and Improved Comments

If you have trouble leaving a comment, review this help page. Still having problems? Let us know. If you find yourself moderated, take a moment to review our comment policy.

Join the conversation

Load Comments
Right Top, Site wide - Care2
 
Right Skyscraper, Site Wide
Right Internal Skyscraper, Site wide

Like Truthdig on Facebook