Over 2 billion devices exposed to hackers

Security scientists reveal hidden controls in smartphones.

By Vinod

Over two billion devices are exposed to hackers due to vulnerabilities found in remote management software on smartphones, according to security scientists from Accuvant.

Speaking at the Black Hat conference in Las Vegas, Mathew Solnik and Marc Blanchou described a number of security flaws in Android, BlackBerry and a small number of iOS devices, with risk varying by carrier, make and model.

Vulnerabilities were discovered in widely deployed client implementations of the OMA Device Management (OMA-DM) protocol, the duo said, which allows carriers to remotely deploy firmware updates, change data connection settings, install applications, and lock and wipe devices.

Such features are also present in laptops, tablets and an increasing number of 'Internet of Things' devices, including those in cars, according to the pair.

Demonstrating the kind of risks devices are exposed to, Solnik and Blanchou took the example of a protocol from Red Bend Software that they claim is installed on 70-90% of carrier-sold mobile phones in the world.

The software was said to be easily controlled through the device IMEI (International Mobile Station Equipment Identity) number and a static secret token which is shared by all devices on a particular carrier, both of which can be easily acquired by an attacker.

These vulnerabilities were said to be present in OMA-DM client software developed by other companies too.

Accuvant says that it has already informed Red Bend Software, which has released patches to manufacturers.
