Department of Homeland Security researchers have reportedly found many security vulnerabilities in mobile devices sold by U.S.-based cellphone carriers, reported Fifth Domain.
According to the report, which cites Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate, the flaws enables users “to escalate privileges and take over the device.” The loopholes, noted the report, could enable hackers to gain access to phone users’ data, emails and text messages without their knowledge.
The researchers told Fifth Domain that it’s not clear whether hackers have taken advantage of the security holes yet. One source familiar with the research told Fifth Domain that millions of users in the U.S. could be at risk, although the exact number isn’t known. Researchers are expected to announce more details about the security flaw later this week.
Sritapan told Fifth Domain the vulnerabilities were found in devices used by the four major carriers, which include Verizon, AT&T, T-Mobile and Sprint. The report noted that the mobile security firm Kryptowire did the research for the Department of Homeland Security, funded through the Critical Infrastructure Resilience Institute, which is a Department of Homeland Security research center.
“This is something that can target individuals without their knowledge,” Angelos Stavrou, the founder of Kryptowire, told Fifth Domain. These vulnerabilities “are burrowed deep inside the operating system,” he said. Stavrou said the manufacturers were notified of the security holes as early as February.