Afraid of hackers? There is probably something else you should be afraid of. The NSA's surveillance activities have raised many concerns about the agency's efforts to install backdoors in software and hardware. These efforts are usually helped to a large extent by assistance from the inside, by which we mean the manufacturers. So it is not strange for embedded spying software to exist in a mobile operating system.
Two researchers discovered such embedded vulnerabilities in many different smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the devices.
Researchers Mathew Solnik and Marc Blanchou, of Accuvant Labs, took just a few months to figure out the vulnerabilities and exploit them.
The vulnerabilities are in the device management tools that providers and manufacturers build into smartphones and tablets so that they can configure them remotely. The researchers will present their findings next week at the Black Hat security conference in Las Vegas. The tool is used in some form by more than 2 billion cell phones worldwide. The vulnerabilities, researchers say, have been found so far in Android devices, BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven't tested Windows Mobile devices yet.
Providers use the management tool to send over-the-air firmware upgrades, to remotely configure devices for roaming or voice-over-WiFi, and to lock devices to specific service providers. Each operator and manufacturer has its own specialized software, and many of these give the carrier a number of additional features.
In order to help carriers to do such things, the management tool works at the highest level of privileges on the devices, which means that an attacker who has access to and exploits the tool has the same capabilities as carriers.
Systems have also been found that allow the provider to detect nearby WiFi networks, to remotely enable or disable Bluetooth, or to disable the phone's camera. The researchers discovered systems that allow the provider to identify all the applications on a device, to enable or disable them, or even to add or remove applications. The systems enable the provider to make these changes without the consumer's consent.
In addition, some of the systems can monitor the web browser's homepage and in some cases retrieve synchronized contacts. Others include a call redirection feature that can direct the phone to a specific phone number.