Homeland Security warns that US carriers are selling phones with compromised security

The Department of Homeland Security funded a research meant to investigate how safe are smartphones sold in the United States. Some of the research’s results were reported during a conference in Las Vegas this week.

The team found multiple vulnerabilities in devices from different manufacturers, and sources say that millions of customers are using compromised smartphones sold to them by Verizon, AT&T, T-Mobile, Sprint and other carriers and major retailers. It’s unclear if the security flaws are purposely built into the devices or not, but they are at the core of the operating system and exist long before the carriers’ own software is installed.

The loopholes could potentially allow hackers to override user privileges and access data stored on the phones, including pictures, e-mails and text messages, without the user ever finding out. Because the exploit is working at such a deep level, it’s almost impossible for the researchers to tell if or how much it has been used to gather information.

The Department refused to name the smartphone manufacturers that have these issues but said all of them were informed of the research group’s findings. The security issues were not limited to devices used by carriers in the States.

Homeland Security decided to order the research after the cyber security company that was tasked with it, Kryptowire, found malicious software in smartphones sold in the US under the BLU brand.

Details about the vulnerabilities are expected to be released by the researchers by the end of the week.

source: FifthDomain via Cnet