- Security researchers at the Department of Homeland Security have discovered unspecified phones from multiple US carries which are susceptible to vulnerabilities.
- The exploit allows attackers to “to escalate privileges and take over the device.”
- The affected devices include both Android and iOS smartphones.
Unspecified Android and iOS phones that are sold by US carriers like AT&T, T-Mobile, Verizon, and Sprint have been identified as vulnerable by the Department of Homeland Security. Flaws were found in the privilege escalation permissions available on the smartphones according to the recently concluded research by Virginia-based mobile security firm Kryptowire. The research was funded by the Critical Infrastructure Resilience Institute, a Department of Homeland Security research center.
Kryptowire founder Angelos Stavrou revealed “This is something that can target individuals without their knowledge. it was difficult to tell if, and how, the vulnerability has been exploited. These vulnerabilities are burrowed deep inside the operating system.”
Vincent Sritapan, program manager at the Department of Homeland Security’s Science and Technology Directorate, revealed details about the vulnerability and how they are built into smartphones before way before they are sold to customers. Homeland Security chose to not reveal the names of all the smartphones for security purposes but only revealed that the vulnerabilities affect smartphones of multiple platforms. The research for Homeland Security was prompted after Blu phones were discovered last year to contain security flaws. Carriers stopped selling the manufacturer’s devices right after.
Reputed manufacturers like Samsung have also been affected by such vulnerabilities with the Galaxy S7 being recalled after being declared vulnerable to the Meltdown malware. While Samsung claimed that they patched the device, the patches did not prove to be sufficient with users reporting malware attacks causing hardware failure.
The manufacturers of smartphones that were identified as vulnerable by Homeland Security have already been notified earlier this year and are aware of the vulnerabilities. However, some of the manufacturers are yet to release their vulnerability disclosure reports which makes it unknown if hackers have already exploited the vulnerabilities.
What do you think about Homeland Security’s findings? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.