As if the reports of NSA spying on all your mobile phone and Internet activity weren’t enough to make customers all the more paranoid, a major security flaw recently discovered in Android and BlackBerry devices (and some iPhones as well) can put millions and millions of customers worldwide at risk. The vulnerability can allow an attacker to assume the highest level of control over an affected cellular device, enabling theft of personal data and more.
The security flaw, which was discovered by Mathew Solnik and Marc Blanchou of Accuvant Labs, exploits the device management tool that various carriers embed in devices to deliver OTA updates and other settings. Based on their research, the exploit enables an attacker to fool the device into treating the attacker as the carrier, thereby taking advantage of the highest level of permissions that such device management tools enjoy. Solnik and Blanchou plan on sharing the details of this vulnerability at the upcoming Black Hat security conference in Las Vegas next week; ahead of that, they have shared only a few with Wired.
So far, the vulnerability is confirmed in Android, BlackBerry and Sprint’s iPhone devices. Windows Phone has yet to be tested, but results will become available prior to the researcher duo’s presentation at Black Hat.
As discussed earlier, the vulnerability discovered by Solnik and Blanchou makes use of the device management tool embedded by carriers in cellular devices. This tool runs with the highest level of permissions and privilege on the device, making it the equivalent of an Administrator account on a PC. Thus, if a hacker is able to exploit this tool, the level of access they get will be unparalleled. Any user data, no matter where it is stored or how it is secured, will be accessible and potentially at risk.
While we wait for further details about this vulnerability, the whole scenario raises the larger question of whether carriers should be allowed to continue having such a high level of access.
What is to stop those with prying eyes stealing that data? What is to stop the carriers themselves from treating the connections carefully? In essence, ‘quis custodiet ipsos custodes?’ – who will guard the guards?