Submitted via IRC for BoyceMagooglyMonkey
Research funded by the Department of Homeland Security has found a "slew" of vulnerabilities in mobile devices offered by the four major U.S. cell phone carriers, including loopholes that may allow a hacker to gain access to a user's data, emails, text messages without the owner's knowledge.
The flaws allow a user "to escalate privileges and take over the device," Vincent Sritapan, a program manager at the Department of Homeland Security's Science and Technology Directorate told Fifth Domain during the Black Hat conference in Las Vegas.
The vulnerabilities are built into devices before a customer purchases the phone. Researchers said it is not clear if hackers have exploited the loophole yet.
Department of Homeland Security officials declined to say which manufacturers have the underlying vulnerabilities.
Millions of users in the U.S. are likely at risk, a source familiar with the research said, although the total number is not clear.
Because of the size of the market, it is likely that government officials are also at risk. The vulnerabilities are not limited to the U.S.
Researchers are expected to announce more details about the flaws later in the week.
(Score: 2) by MostCynical on Wednesday August 15 2018, @09:58AM (2 children)
chip manufaturer
Chip testing
Firmware - possibly from different sources, for different bits of hardware
Carrier firmware/apps
Any one of these could introduce vulnerabilities.
Trust? Pray?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Funny) by takyon on Wednesday August 15 2018, @10:02AM
Cry. Resign. Drink. Laugh.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Insightful) by HiThere on Wednesday August 15 2018, @06:13PM
How about "don't do financial transactions over your phone", and "avoid saying anything sensitive".
The first is probably more important for most people, as it removed the incentive for attacks. The second one is important mainly for attacks that are targeted.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by Bill Evans on Wednesday August 15 2018, @12:25PM
I'll keep my flip phone, thank you.
(Score: 3, Funny) by Anonymous Coward on Wednesday August 15 2018, @02:06PM (1 child)
We all have root access to our phone. We can just install software to fix these issues or patch whatever is needed. No problem at all. It's just like a PC.
(Score: 2) by Freeman on Wednesday August 15 2018, @03:10PM
Yep, just like a PC, where you have to rely on third part devs to create drivers, so your display will function . . .
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 4, Interesting) by DavePolaschek on Wednesday August 15 2018, @03:10PM (2 children)
So undisclosed vulns in undisclosed phones by undisclosed manufacturers. But you're probably affected, so panic!
But the article definitely isn't clickbait!
(Score: 4, Interesting) by HiThere on Wednesday August 15 2018, @06:17PM
I wouldn't say the article was clickbait, but "Homeland Security" is a totally different matter, though clickbait might not be the correct term to use in describing their actions. But it was "Homeland Security" that warned of danger without being explicit about who.
OTOH, perhaps it's a good general assumption. Avoid putting any data on your phone (including financial transactions) that you wouldn't want the public to know. This year I've become increasingly reluctant to even make purchases over the web.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by bob_super on Wednesday August 15 2018, @06:17PM
Well, each individual flaw is just so boring and technical and I don't get it and what's new on Facebook have you seen my instagram such a cute puppy I can't believe John cheated on Sophie and let me check my bank account again oh wait where's all my money gone ?
We could use even more generic articles about phones being unsafe, and why the general public should bother to take the suppliers to task on that... Because obviously, the message isn't being registered yet.