Three critical security gaps in BTS stations allow hackers to compromise mobile phone antennas, according to Zimperium researchers.
"BTS" stands for Base Transceiver Station and is the technical term for the mobile antennas we see every day in our cities.
BTS stations are the backbone of every mobile network around the world. They relay calls, SMS messages and data packets from our cell phones to the data centers of the mobile telephone companies, which in turn transmit the calls, SMS messages and data packets to their destination.
Mobile security firm Zimperium (which discovered the Stagefright bug) says there are three critical bugs in various software packages running on BTS stations.
Currently there appear to be three issues that mobile phone companies and BTS software suppliers should address directly in their equipment.
The first is a bug in a core BTS software service that exposes the device to external connections, allowing an attacker to reach the BTS transceiver via the Internet.
Attackers can send UDP packets to certain management ports (5700, 5701, 5701) and exploit the device's built-in functions. This allows the attacker to gain remote control of the BTS station, modify GSM traffic, collect information from passing data, crash the BTS station, and more.
In this case, Zimperium recommends that companies restrict the ports used for control and data exchange to the local interface only (127.0.0.1), or deploy a firewall to block external traffic.
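One way to check a host against this recommendation, as an added example that is not from Zimperium or the original article: the script below parses the output of `ss -H -uln` and reports UDP listeners on the management ports named above that are bound to anything other than loopback. The function names are hypothetical and the sample output is constructed for illustration.

```python
import ipaddress

# Management ports named in the article.
MGMT_PORTS = {5700, 5701}

# Constructed sample of `ss -H -uln` output (not captured from a real BTS).
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0        0.0.0.0:5700      0.0.0.0:*
UNCONN 0 0      127.0.0.1:5701      0.0.0.0:*
UNCONN 0 0           [::]:5701         [::]:*
UNCONN 0 0  127.0.0.53%lo:53        0.0.0.0:*
UNCONN 0 0     192.0.2.10:5700      0.0.0.0:*
"""


def split_local(field):
    """Split ss's 'addr:port' local-address field into (addr, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    return addr, int(port)


def is_loopback(addr):
    """True only for loopback addresses; wildcards such as '*' are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed and report it


def exposed_mgmt_sockets(ss_output, ports=MGMT_PORTS):
    """Return (addr, port) for management-port UDP sockets not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        try:
            addr, port = split_local(cols[3])
        except ValueError:
            continue  # port column is not numeric; skip the line
        if port in ports and not is_loopback(addr):
            findings.append((addr, port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_mgmt_sockets(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED udp {addr}:{port} - bind to 127.0.0.1 or firewall it")
```

An empty result means every listener on those ports is loopback-only; a firewall rule blocking external traffic to the same ports covers the case where the software cannot be rebound.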
The second issue is a memory overflow caused by oversized UDP packets. It is a classic remote code execution (RCE) flaw that allows an attacker to execute malicious code on the device. This bug is only as dangerous as the attacker's abilities.
The third error is related to the first. If the attacker can send custom UDP data to the BTS station, then, because the control channel has no authentication, they can execute commands on the BTS station's transceiver unit. The transceiver is the main component in the BTS station platform that sends and receives data.
This particular defect, according to Zimperium, allows an attacker to control the transceiver unit remotely, without needing administrator passwords.