SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
20 Jul 2016

Software flaw puts mobile phones and networks at risk of complete takeover

A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday.

The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones.

Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One. "The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening.

"These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network." Security expert HD Moore, who is principal at a firm called Special Circumstances, described the flaw as a "big deal" because of the breadth of gear that is at risk of complete takeover.

"The baseband vulnerabilities are currently the biggest concern for consumers, as successful exploitation can compromise the entire device, even when security hardening and encryption is in place," he wrote in an e-mail. "These issues can be exploited by someone with access to the mobile network and may also be exposed to an attacker operating a malicious cell network, using products like the Stingray or open source software like OsmocomBB."

The library flaw also has the potential to put carrier equipment at risk if attackers figured out how to modify carrier traffic in a way that was able to exploit the vulnerability and execute malicious code. Moore went on to say the threat posed to carriers is probably smaller given the challenges of testing an exploit on the specific equipment used by a targeted carrier and the difficulty of funnelling attack code into the vulnerable parts of its network.

"A carrier-side attack would require a lot more effort and funding than targeting the mobile phone basebands," he said. "For specific attack scenarios, carriers may be able to block the traffic from reaching the vulnerable components, similar to how SMS filtering is done today."

Dan Guido, an expert in cellular phone security and the CEO of a firm called Trail of Bits, agreed that the vulnerability will be hard to exploit. But Moore also described ASN.1 as the "backbone" of today's mobile telephone system. Even in the absence of working code-execution capabilities, attackers could use exploits to trigger denial-of-service outages that could interrupt key parts of a network or knock them out altogether.

Right now, only gear from hardware manufacturer Qualcomm is known to be affected, according to an advisory from the Department of Homeland Security-backed CERT. Researchers are still working to determine if a long list of other manufacturers, including AT&T, BAE Systems, Broadcom, Cisco Systems, Deutsche Telekom, and Ericsson, are similarly affected. For the moment, there's little end users can do to insulate themselves from the threat other than to monitor advisories from device makers and carriers.

Objective Systems has released a "hotfix" that corrects the flaw, but both Guido and Moore said the difficulty of patching billions of pieces of hardware, many scattered in remote places throughout the world, meant the vulnerability is likely to remain unfixed for the indefinite future. "This kind of infrastructure just does not get patches," Guido said. "So [the vulnerability] is a stationary target that others can develop against. It's easy to set goals towards it."

Tags: information leaks
Source: Ars Technica
SafeUM © Safe Universal Messenger
