Three critical security gaps in BTS stations allow hackers to compromise mobile phone antennas, according to Zimperium researchers.
"BTS" stands for Base Transceiver Station and is the technical term for the mobile antennas we see every day in our cities.
BTS stations are the backbone of every mobile network around the world. They relay calls, SMS messages and data packets from our mobile phones to the data centers of the mobile phone companies, which in turn transmit them to their destination.
The security company Zimperium (which had discovered the Stagefright bug) reports that there are three critical bugs in various software packages running on BTS stations.
According to Zimperium, the affected companies are those whose software includes Legba Incorporated (YateBTS
Currently there appear to be three issues that mobile phone companies and BTS software suppliers should address directly in their equipment.
The first is a bug in a BTS core software service that exposes the device to external connections, allowing an attacker to reach the BTS station transceiver over the Internet.
Attackers can send UDP packets to certain management ports (5700, 5701, 5701) and take advantage of the device's built-in features. This allows the attacker to gain remote control of the BTS station, modify the GSM traffic, collect information from passing data, crash the BTS station, and more.
In this case, Zimperium recommends that companies restrict the ports used for control and data exchange to the local interface only (127.0.0.1), or deploy a firewall to block external traffic.
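One way to audit the mitigation above on a Linux-based BTS host, as an added example that is not from Zimperium or any BTS vendor: it parses `/proc/net/udp`-format text and reports control ports bound to anything other than loopback. It assumes a little-endian host and IPv4 only; the function names and the sample table are constructed for illustration, and the port list is the one given in the article.

```python
import ipaddress
import struct

# Control ports as listed in the article.
CONTROL_PORTS = {5700, 5701}

# Constructed sample in /proc/net/udp format (not captured from a real BTS).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:1644 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20001 2 0000000000000000 0
  102: 00000000:1645 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20002 2 0000000000000000 0
  103: 0A00A8C0:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20003 2 0000000000000000 0
"""


def decode_local(field):
    """Decode an IPv4 'HEXADDR:HEXPORT' field from /proc/net/udp."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a native-endian 32-bit word;
    # little-endian is assumed here (x86, most ARM systems).
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def exposed_control_sockets(proc_text, ports=CONTROL_PORTS):
    """Return (address, port) pairs for control ports not bound to loopback."""
    findings = []
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 2:
            continue
        addr, port = decode_local(cols[1])
        # 0.0.0.0 (all interfaces) and any routable address both count as exposed.
        if port in ports and not addr.is_loopback:
            findings.append((str(addr), port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_control_sockets(SAMPLE_PROC_NET_UDP):
        print(f"{port}/udp is bound to {addr}: restrict it to 127.0.0.1 or firewall it")
```

On a real host, pass the contents of `/proc/net/udp` to `exposed_control_sockets` instead of the sample text.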
The second issue is a memory overflow caused by oversized UDP packets. It is a classic flaw that enables remote code execution (RCE), letting the attacker run malicious code on the device. This flaw is as dangerous as the attacker's abilities.
The third flaw is related to the first. If the attacker can send custom UDP data to the BTS station, then, because the control channel has no authentication, they can also execute commands on the BTS station's transceiver unit. The transceiver is the main component of the BTS station platform that sends and receives data.
This particular defect, according to Zimperium, allows an attacker to control the transceiver unit remotely, without needing administrator passwords.