
Black Hat: Most Smartphones Come with a Poorly Secured Back Door

A system designed to let carriers remotely install software on phones, or change their settings without a user noticing, is open to abuse.
August 7, 2014

A powerful remote-control system installed on most smartphones could be used by hackers to secretly take control of many devices, allowing theft of data or eavesdropping on communications.

Wireless carriers install the mechanism, known as ODM, in phones, tablets, and even cars as a way to distribute software updates and make configuration changes. Researchers with the computer security company Accuvant uncovered a series of flaws with ODM that could be exploited to gain the same remote-control powers.

In their tests, the Accuvant researchers could take over devices made by Apple and other major manufacturers. They gained the power to install any software on the devices, which would allow them to steal sensitive data. “An attacker can take full control,” said Mathew Solnik, a research scientist at Accuvant who presented the research at the Black Hat computer security conference Wednesday with colleague Marc Blanchou.

The attacks could also be used to reconfigure settings on a device—for example, to cause all data to flow via a server designed to collect communications. Many such settings are installed into a device’s “baseband” and are more or less impossible to erase. “Even if you ‘factory reset,’ you still can’t get rid of it,” says Solnik.

An estimated two billion cellular devices around the world have the ODM protocol installed, according to the researchers. Somewhere between 70 and 90 percent of those devices have been equipped with the same software package, made by Red Bend Software of Waltham, Massachusetts, to handle the remote-control functionality.

Despite its crucial role, that package hasn’t been updated substantially since 2004, said Solnik. He and Blanchou performed their proof-of-principle attacks using a suite of flaws found in that software, as well as in the design of the ODM protocol itself.

An attack requires either using a carrier’s infrastructure to communicate with phones or using a base station of your own. That’s easier than it might sound. Accuvant’s researchers were able to use off-the-shelf hardware and an open-source software package to create a system that would connect to phones within a 30-foot radius at relatively low cost (see “Build Your Own Cellular Network”). “With a single silent message, someone who is not your carrier can access the full functionality of your device,” said Solnik.

Android devices were found to be most vulnerable. The researchers could take over Apple devices only on Sprint’s network. Fully unlocked devices bought directly from a phone manufacturer were the most secure, because most didn’t have ODM software installed.

Accuvant disclosed its findings 90 days ago to Red Bend, the device manufacturers, and the wireless carriers affected. Several, including Red Bend, have already released patches to fix the problems, although it is unknown how widely they have been distributed.

Solnik believes attacks via ODM will remain possible even after those patches are applied. Flaws discovered in the way the ODM protocol connects to a device can’t be fixed until the industry agrees on a new design, he says.

The problems uncovered by Accuvant could also be of interest to law enforcement and surveillance agencies, which increasingly use malware to collect data. In the United States, it has become common for them to use mobile base stations to intercept text messages, phone calls, and data sent by nearby phones. Solnik told MIT Technology Review the same technology could be used as a platform for attacks like those he developed. For example, it could silently push malware onto phones. “It would be a similar type of device,” he said. 
