Government surveillance and malicious hacking could be facilitated by built-in vulnerabilities in mobile devices.
Research consultants with Accuvant Labs, Mathew Solnik and Marc Blanchou, found in their research that the weak points exist in around 2 billion smartphones worldwide, Wired has reported.
Although the weak points lie in embedded software, the researchers determined that effective attacks would require proximity to the targeted phones, using a femtocell or rogue base station, as well as expert hacking skills.
At the root of the problem lies a device management tool, embedded within handsets by carriers and manufacturers, which is vulnerable to attacks. The tool often comes from a third-party developer, the name of which the researchers are to reveal at the upcoming Black Hat security conference in Las Vegas.
So far, the vulnerabilities have been identified in Android, BlackBerry and Apple devices, the latter limited to a small group of Sprint customers. Windows devices have yet to be examined.
Carriers send over-the-air firmware upgrades via the management tool, which also enables remote configuration of roaming and voice-over-Wi-Fi features and the locking of devices to particular service providers. The tool consequently runs at a high level of privilege, granting a would-be attacker the same power as the carrier.
Some phones were found to contain a factory reset function, which can be triggered remotely. Screen lock PINs can also be changed from afar.
The BlackBerry Z10 and the HTC One M7 were the most exploitable devices tested. The typically resilient iPhone was only found to be vulnerable when sold by Sprint and running an OS version older than 7.0.4.
Carriers are aware of their devices' vulnerability and have built authentication and encryption into the tool, but the researchers easily overcame these safeguards because of their poor implementation.
"Pretty much all the safeguards put into place to protect the clients in nearly all major devices we found can be bypassed," Solnik said to Wired.
"We can more or less pre-calculate all passwords for any device in order to manage the client."
There are currently no recorded instances of the vulnerabilities being exploited in the wild, say the researchers, and the third-party developer has issued a fix. The onus is now on carriers to provide users with a firmware update.