Security & Fraud

Homeland Security Researchers Find Security Holes In Mobile Devices

Hands-Free Banking Devices

Department of Homeland Security researchers have reportedly found many security vulnerabilities in mobile devices sold by U.S.-based cellphone carriers, reported Fifth Domain.

According to the report, which cites Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate, the flaws enables users “to escalate privileges and take over the device.” The loopholes, noted the report, could enable hackers to gain access to phone users’ data, emails and text messages without their knowledge.

The researchers told Fifth Domain that it’s not clear whether hackers have taken advantage of the security holes yet. One source familiar with the research told Fifth Domain that millions of users in the U.S. could be at risk, although the exact number isn’t known. Researchers are expected to announce more details about the security flaw later this week.

Sritapan told Fifth Domain the vulnerabilities were found in devices used by the four major carriers, which include Verizon, AT&T, T-Mobile and Sprint. The report noted that the mobile security firm Kryptowire did the research for the Department of Homeland Security, funded through the Critical Infrastructure Resilience Institute, which is a Department of Homeland Security research center.

“This is something that can target individuals without their knowledge,” Angelos Stavrou, the founder of Kryptowire, told Fifth Domain. These vulnerabilities “are burrowed deep inside the operating system,” he said. Stavrou said the manufacturers were notified of the security holes as early as February.


Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.