Serious flaws in cell phone carrier control software found
Posted on 08 August 2014.
At the Black Hat conference this week, two Accuvant researchers have disclosed serious security flaws in the carrier control software used in over 2 billion cellular devices across platforms and carriers.


The vulnerabilities discovered by the pair impact Android, Blackberry and a small number of iOS-based devices, with risk varying by carrier and device make and model.

“Carriers embed control software into most mobile devices so that they can configure phones for their networks and push over-the-air firmware updates,” explained Ryan Smith, Accuvant vice president and chief scientist.

The found vulnerabilities could spell disaster for users. Dependent upon device and carrier, when exploited the vulnerabilities in this control software may enable attackers to install malicious software; access data; add, delete and run applications; wipe a device; and remotely change the PIN for the screen lock, among other items.

But Accuvant has been working to properly disclose its findings to service providers to mitigate the risk. The company that makes the software has issued a fix that solves the problem; baseband manufacturers have written code to implement the fix; and carriers are in the process of distributing the fix to existing phones.

Mobile phone users should make sure their devices are up to date with the latest patches," Accuvant advises.

If no recent patches have been issued for a device, users should contact their carriers to find out if they are impacted and if a fix is available or has already been implemented. Organizations should leverage their MDM platforms to ensure users adopt the latest version of software for their phones.






Spotlight

Staples customers likely the latest victims of credit card breach

Posted on 21 October 2014.  |  Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //