Submission + - Hackers Can Control Your Phone Using a Tool That's Already Built Into It (wired.com)
An anonymous reader writes: A lot of concern about the NSA’s seemingly omnipresent surveillance over the last year has focused on the agency’s efforts to install back doors in software and hardware. Those efforts are greatly aided, however, if the agency can piggyback on embedded software already on a system that can be exploited.
Two researchers have uncovered such built-in vulnerabilities in a large number of smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the device.
The vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them. Though some design their own tool, most use a tool developed by a specific third-party vendor—which the researchers will not identify until they present their findings next week at the Black Hat security conference in Las Vegas. The tool is used in some form in more than 2 billion phones worldwide. The vulnerabilities, they say, were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven’t looked at Windows Mobile devices yet.
Two researchers have uncovered such built-in vulnerabilities in a large number of smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the device.
The vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them. Though some design their own tool, most use a tool developed by a specific third-party vendor—which the researchers will not identify until they present their findings next week at the Black Hat security conference in Las Vegas. The tool is used in some form in more than 2 billion phones worldwide. The vulnerabilities, they say, were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven’t looked at Windows Mobile devices yet.