|[August 06, 2014]
Accuvant Discloses Cellular Phone Software Vulnerabilities; Provides End User Guidance
LAS VEGAS --(Business Wire)--
the authoritative source for enterprise information security, today
disclosed at Black Hat USA 2014 details of security vulnerabilities that
are exposing mobile phone users to risk. Research scientists Mathew
Solnik and Marc Blanchou, both members of the respected Accuvant LABS
team, demonstrated the attacks in order to better educate the community
on the seriousness of the risks. The vulnerabilities discovered by the
pair impact Android (News - Alert), Blackberry and a small number of iOS-based devices,
with risk varying by carrier and device make and model.
Mobile phone users should make sure their devices are up to date with
the latest patches. If no recent patches have been issued for a device,
users should contact their carriers to find out if they are impacted and
if a fix is available or has already been implemented. Organizations
should leverage their MDM platforms to ensure users adopt the latest
version of software for their phones.
"Carriers embed control software into most mobile devices so that they
can configure phones for thir networks and push over-the-air firmware
updates," said Ryan Smith, Accuvant vice president and chief scientist.
"Our researchers - Mathew Solnik and Marc Blanchou - found serious
security vulnerabilities in the carrier control software used in a large
number of cell phones across platforms and carriers."
Accuvant has been working diligently to properly disclose its findings
to service providers to mitigate the risk. The company that makes the
software has issued a fix that solves the problem; baseband
manufacturers have written code to implement the fix; and carriers are
in the process of distributing the fix to existing phones.
"Security threats have become a daily issue for billions of technology
users around the world, so it's critical to find vulnerabilities of this
nature and fix them before they can become a big public concern," said
Christina Richmond, program director, security services, IDC (News - Alert). "Having
specialized experts with the capabilities to conduct this kind of
security research and educate organizations and consumers on how to fix
these issues is essential."
Dependent upon device and carrier, when exploited the vulnerabilities in
this control software may enable attackers to install malicious
software; access data; add, delete and run applications; wipe a device;
and remotely change the PIN for the screen lock, among other items.
Accuvant is a Black Hat 2014 Platinum Sponsor, and is exhibiting at
Accuvant, a Blackstone (NYSE: BX) portfolio company, is the leading
provider of information security services and solutions serving
enterprise-class organizations across North America. The company offers
a full suite of service capabilities to help businesses, governments and
educational institutions define their security strategies, identify and
remediate threats and risks, select and deploy the right technology, and
achieve operational readiness to protect their organizations from
malicious attack. Founded in 2002, Accuvant has been named to the Inc.
500|5000 list of fastest growing companies for the last seven
consecutive years. The company is headquartered in Denver, Colo., with
offices across the United States and Canada. Further information is
available at www.accuvant.com.
[ Back To TMCnet.com's Homepage ]