Hijacking Cellphones Isn’t Nearly As Hard as It Should Be
Hacking into cellphones, or staging a hostile takeover, doesn't require a lot of fancy tricks or even that many steps, according to two experts who sounded the alarm Wednesday at a security conference in Las Vegas.
Shutterstock
Hacking into cellphones, or staging a hostile takeover, doesn’t require a lot of fancy tricks or even that many steps, according to two experts who sounded the alarm Wednesday at a security conference in Las Vegas.
According to Mathew Solnik and Marc Blanchou of Accuvant Labs in Denver, the vulnerability lies in cellphone carriers’ reliance upon the Open Mobile Alliance Device Management (OMA-DM) protocol, which is currently a bit more “open” than it should be.
Also read: T-Mobile Slapped With FTC Lawsuit for Phony Charges
The two experts made their case at the BlackHat conference, and Tom’s Guide relayed their startling findings Thursday:
OMA-DM is used by cellular carriers worldwide to provision, troubleshoot and send software updates to phones. For example, if you bought an Android phone from a carrier rather than from Google, Blanchou and Solnik explained, then the phone’s software updates come through OMA-DM. (Most iPhones and iPads do not use the standard, except for devices sold by Sprint.)
Yet the security of those software updates can be trivial to bypass. Many carriers verify updates with a “signature” that is a combination of the targeted device’s unique ID number and a secret encoding token, but some carriers, the researchers said, use a single token for all updates to all devices on their networks.
[…] The phones’ regular communications with the carriers’ OMA-DM servers are also vulnerable. Due to poor implementation of secure-transmission standards, it’s often possible to stage “man-in=the-middle” attacks in which a hacker secretly intercepts and modifies messages traveling between the phone and the carrier.
What’s more, the report added, tablets and laptops, along with some vehicles, are also susceptible to this kind of hacking, and the problems are increasing as carriers switch to 4G networks. Fasten your seat belts.
–Posted by Kasia Anderson
WAIT, BEFORE YOU GO…If you're reading this, you probably already know that non-profit, independent journalism is under threat worldwide. Independent news sites are overshadowed by larger heavily funded mainstream media that inundate us with hype and noise that barely scratch the surface. We believe that our readers deserve to know the full story. Truthdig writers bravely dig beneath the headlines to give you thought-provoking, investigative reporting and analysis that tells you what’s really happening and who’s rolling up their sleeves to do something about it.
Like you, we believe a well-informed public that doesn’t have blind faith in the status quo can help change the world. Your contribution of as little as $5 monthly or $35 annually will make you a groundbreaking member and lays the foundation of our work.
Environment
When companies want to add new cell phone towers, build on protected land or launch satellites, the agency typically does nothing.
Health & Wellness
Answers to the most common questions people ask about cellphone radiation.
Recent detentions of travelers to the United States—and seizure of their phones and other work-related material—have sparked alarm.
Judges ruled that police and federal authorities are free to seek the location data of cellphone users from telecommunications companies without obtaining a search warrant.
The Apple and Samsung supplier played down the job-loss aspect of the story by making it sound as though employees had been liberated to do less menial work.
The secrecy surrounding police use of these "anti-terrorism" devices in ordinary criminal investigations is a big and growing problem, ACLU experts say, one that puts some defendants at an unfair and illegal disadvantage.
There are currently no responses to this article.
Be the first to respond.