Two research consultants with Accuvant Labs have recently discovered a security vulnerability that affects over 2 BILLIONphones! The vulnerability, which they will officially present later this week at the Black Hat security conference, involves an open-source device management tool, which used by many many vendors and carriers for OTA updates, remote device wipes, and more. This is something important, because mobile phones, devices are becoming part and parcel of our daily lives, even more so in the enterprise world with BYOD (Bring Your Own Device).
The management tools are implemented using a core standard, developed by the Open Mobile Alliance, called OMA device management. From these guidelines, each carrier can choose a base set of features or request additional ones. Solnik says they found that some phones have features for remotely wiping the device or conducting a factory reset, altering operating system settings and even remotely changing the PIN for the screen lock.
To make things worse, there are also systems in place which allows the carrier to identify nearby WiFi networks, remotely enable and disable Bluetooth or disable the phone’s camera. More significantly, they even found systems that allow the carrier to identify the applications on a handset, as well as activate or deactivate them or even add and remove applications. These systems wil give the carrier the option of making these changes with our without prompting the consumer. Carriers also can modify settings and servers for applications pre-installed by the carrier—something hackers could exploit to force the phone to communicate with a server of their choosing.
As far as this is concerned, the OMA’s are apparently another OS running alongside the official OS (Android, iOS, BlackBerry etc), so truthfully, the fault here is hard to pinpoint. I don’t know how much of this would pose up as a risk in present day, but as long as vulnerabilities are concerned, there are many which could have already be prevented.