Homeland Security warns that US carriers are selling phones with compromised security

Homeland Security warns that US carriers are selling phones with compromised security
The Department of Homeland Security funded a research meant to investigate how safe are smartphones sold in the United States. Some of the research’s results were reported during a conference in Las Vegas this week.

The team found multiple vulnerabilities in devices from different manufacturers, and sources say that millions of customers are using compromised smartphones sold to them by Verizon, AT&T, T-Mobile, Sprint and other carriers and major retailers. It’s unclear if the security flaws are purposely built into the devices or not, but they are at the core of the operating system and exist long before the carriers’ own software is installed.

The loopholes could potentially allow hackers to override user privileges and access data stored on the phones, including pictures, e-mails and text messages, without the user ever finding out. Because the exploit is working at such a deep level, it’s almost impossible for the researchers to tell if or how much it has been used to gather information.

The Department refused to name the smartphone manufacturers that have these issues but said all of them were informed of the research group’s findings. The security issues were not limited to devices used by carriers in the States.

Homeland Security decided to order the research after the cyber security company that was tasked with it, Kryptowire, found malicious software in smartphones sold in the US under the BLU brand.

Details about the vulnerabilities are expected to be released by the researchers by the end of the week.

source: FifthDomain via Cnet

FEATURED VIDEO

10 Comments

1. toukale

Posts: 669; Member since: Jun 10, 2015

That's not news these days.

2. AfterShock

Posts: 4147; Member since: Nov 02, 2012

Though without proof, it's just FUD.

3. isprobi

Posts: 797; Member since: May 30, 2011

They should release the brands and models of compromised phones. If I was sold a pre-hacked phone I should have the right to know.

4. lyndon420

Posts: 6878; Member since: Jul 11, 2012

We've got a couple days, so hopefully they spill all the details by Saturday.

5. libra89

Posts: 2316; Member since: Apr 15, 2016

I hope that they do. The fact that this is an issue with all of the carriers essentially is concerning.

6. strategic_developer

Posts: 1627; Member since: Jul 17, 2018

Are they all Chinese branded?

7. isprobi

Posts: 797; Member since: May 30, 2011

Considering how few Chinese branded phones carriers have I think they may be made in China and sold under another name

8. jonathanfiuwx

Posts: 184; Member since: Mar 10, 2017

I'll just put it out there. It's not essential or pixel

9. isprobi

Posts: 797; Member since: May 30, 2011

I hope Razer is not included but I do not think any carriers sell it. I expect the same may exist on unlocked phones. I think anything running Samsung TouchWiz should be considered compromised given the way it drags down performance.

10. zennacko unregistered

Everything seems to have backdoors and zero-day exploits these days. Thing is, now everyone is starting to point fingers in the "who has access to what and where" war between the great powers.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.