Hacking into cellphones, or staging a hostile takeover, doesn’t require a lot of fancy tricks or even that many steps, according to two experts who sounded the alarm Wednesday at a security conference in Las Vegas.
According to Mathew Solnik and Marc Blanchou of Accuvant Labs in Denver, the vulnerability lies in cellphone carriers’ reliance upon the Open Mobile Alliance Device Management (OMA-DM) protocol, which is currently a bit more “open” than it should be.
Also read: T-Mobile Slapped With FTC Lawsuit for Phony Charges
The two experts made their case at the BlackHat conference, and Tom’s Guide relayed their startling findings Thursday:
OMA-DM is used by cellular carriers worldwide to provision, troubleshoot and send software updates to phones. For example, if you bought an Android phone from a carrier rather than from Google, Blanchou and Solnik explained, then the phone’s software updates come through OMA-DM. (Most iPhones and iPads do not use the standard, except for devices sold by Sprint.)
Yet the security of those software updates can be trivial to bypass. Many carriers verify updates with a “signature” that is a combination of the targeted device’s unique ID number and a secret encoding token, but some carriers, the researchers said, use a single token for all updates to all devices on their networks.
[...] The phones’ regular communications with the carriers’ OMA-DM servers are also vulnerable. Due to poor implementation of secure-transmission standards, it’s often possible to stage “man-in=the-middle” attacks in which a hacker secretly intercepts and modifies messages traveling between the phone and the carrier.
What’s more, the report added, tablets and laptops, along with some vehicles, are also susceptible to this kind of hacking, and the problems are increasing as carriers switch to 4G networks. Fasten your seat belts.
—Posted by Kasia Anderson