Serious flaws in cell phone carrier control software found
Posted on 08 August 2014.
At the Black Hat conference this week, two Accuvant researchers have disclosed serious security flaws in the carrier control software used in over 2 billion cellular devices across platforms and carriers.


The vulnerabilities discovered by the pair impact Android, Blackberry and a small number of iOS-based devices, with risk varying by carrier and device make and model.

“Carriers embed control software into most mobile devices so that they can configure phones for their networks and push over-the-air firmware updates,” explained Ryan Smith, Accuvant vice president and chief scientist.

The found vulnerabilities could spell disaster for users. Dependent upon device and carrier, when exploited the vulnerabilities in this control software may enable attackers to install malicious software; access data; add, delete and run applications; wipe a device; and remotely change the PIN for the screen lock, among other items.

But Accuvant has been working to properly disclose its findings to service providers to mitigate the risk. The company that makes the software has issued a fix that solves the problem; baseband manufacturers have written code to implement the fix; and carriers are in the process of distributing the fix to existing phones.

Mobile phone users should make sure their devices are up to date with the latest patches," Accuvant advises.

If no recent patches have been issued for a device, users should contact their carriers to find out if they are impacted and if a fix is available or has already been implemented. Organizations should leverage their MDM platforms to ensure users adopt the latest version of software for their phones.






Spotlight

Emerging cloud threats and how to address them

Posted on 15 September 2014.  |  Public and community clouds can be appealing targets for hackers looking to disrupt or steal information from scores of organizations with one successful strike. Here are some emerging security threats and issues cloud providers and their clients should be aware of.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 16th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //