Hackers Can Control Your Phone Using a Tool That’s Already Built Into It
A lot of concern about the NSA’s seemingly omnipresent surveillance over the last year has focused on the agency’s efforts to install back doors in software and hardware. Those efforts are greatly aided, however, if the agency can piggyback on embedded software already on a system that can be exploited.
Two researchers have uncovered such built-in vulnerabilities in a large number of smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the device.
The attacks would require proximity to the phones, using a rogue base station or femtocell, and a high level of skill to pull off. But it took Mathew Solnik and Marc Blanchou, two research consultants with Accuvant Labs, just a few months to discover the vulnerabilities and exploit them.
The vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them. Though some design their own tool, most use a tool developed by a specific third-party vendor—which the researchers will not identify until they present their findings next week at the Black Hat security conference in Las Vegas. The tool is used in some form in more than 2 billion phones worldwide. The vulnerabilities, they say, were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven’t looked at Windows Mobile devices yet.
The researchers say there’s no sign that anyone has exploited the vulnerabilities in the wild, and the company that makes the tool has issued a fix that solves the problem. But it’s now up to carriers to distribute it to users in a firmware update.
Carriers use the management tool to send over-the-air firmware upgrades, to remotely configure handsets for roaming or voice-over WiFi and to lock the devices to specific service providers. But each carrier and manufacturer has its own custom implementation of the client, and there are many that provide the carrier with an array of additional features.
To give carriers the ability to do these things, the management tool operates at the highest level of privilege on devices, which means an attacker who accesses and exploits the tool has the same abilities as the carriers.
The management tools are implemented using a core standard, developed by the Open Mobile Alliance, called OMA device management. From these guidelines, each carrier can choose a base set of features or request additional ones. Solnik says they found that some phones have features for remotely wiping the device or conducting a factory reset, altering operating system settings and even remotely changing the PIN for the screen lock.
They’ve also found systems that allow the carrier to identify nearby WiFi networks, remotely enable and disable Bluetooth or disable the phone’s camera. More significantly, they’ve found systems that allow the carrier to identify the applications on a handset, as well as activate or deactivate them or even add and remove applications. The systems give the carrier the option of making these changes with our without prompting the consumer.
Carriers also can modify settings and servers for applications pre-installed by the carrier—something hackers could exploit to force the phone to communicate with a server of their choosing.
Furthermore, some of the systems can monitor the web browser’s home page and in some cases retrieve synced contacts. Others include a call redirect function that can direct the phone to a specific phone number. Carriers typically use this feature to program shortcuts to their own phone numbers.
For example, Verizon might program its phones so “299″ dials customer service. But Solnik found this feature can be used to redirect any number; phone numbers also can be programmed to launch an application.
“Pretty much whatever number … if we programmed it, when you dial it, it would do whatever functionality we programmed it to do,” Solnik says. “Whether you have the number 1 programmed for your mother, it would then do what we choose.”
The more features the management tool offers the carrier, the more an attacker can do as well. But at a minimum, every device they examined would allow an attacker to change all of the cellular network functionality. In many cases, they could also control firmware updates.
Two phones that provided the highest level of exploitation were the HTC One M7 and the Blackberry Z10. Among iOS devices, they found that only iPhones offered by Sprint and running an operating system prior to version 7.0.4 were vulnerable. The 7.0.4 version of the software, which Apple released in November, partially solved the issue.
Carriers recognize the risk these management tools present, and many have added encryption and authentication to bolster security. Accessing the management system in the device, for example, often requires a password. And the researchers found every carrier in the US encrypts communication between a device and the carrier’s server. But these protections are so poorly implemented that the researchers could undermine them.
“Pretty much all the safeguards put into place to protect the clients in nearly all major devices we found can be bypassed,” Solnik says.
In the case of the authentication, for example, they found that the systems use passwords that are generated in part using a public identifier—that is, the IMEI, or the cell phone’s serial number. That number is readily available by any base station that communicates with the phone. Solnik says that although each carrier’s system uses a slightly different method for generating passwords, they’re all based on the same core.
“They’re all taking a certain public identifier and a certain pre-shared token or secret and using that to derive the password,” he says. “There is some secret sauce added, but because it’s derived from this token that is already public knowledge, that can be reverse-engineered and reproduced…. We can more or less pre-calculate all passwords for any device in order to manage the client.”
They also found many ways to undermine the encryption. “It does require a deep understanding of what it’s doing, but once you understand how it works, you can pretty much turn off or just bypass or man-in-the-middle the encryption itself,” Solnik says.
Although the vulnerabilities are basic from a security perspective, exploiting them is not. Each requires extensive knowledge of the OMA-DM standard implementation and how cellular networks work. A successful hack also requires setting up a cellular base transceiver station or finding a vulnerability in a femtocell to take it over and use it for the attack. And cracking the encryption is also not trivial. Nonetheless, anyone with the same level of knowledge and skill as the researchers could conduct the attacks.
That said, the researchers don’t believe anyone has exploited the vulnerabilities so far.
“During our disclosure with the vendors, different vendors have processes to look through to see if there are any traces of someone exploiting the vulnerabilities and we haven’t heard that there are any traces that anyone has seen so far,” says Ryan Smith, chief scientist at Accuvant.
Solnik and Blanchou have notified the firm that makes the management tool used by so many, and the company has already issued a fix. They also notified baseband manufacturers, who have written code that would implement that fix. Carriers are in the process of distributing a fix to existing phones.
“It’s important that all users … stay up to date with all the latest patches,” Solnik says. “Users should contact their carrier to see if an update is already available.”
SOURCE : WIRED
Tecno i7 will sweep you off your feet
Ever wondered why some Chinese companies are able to give you a smartphone loaded with high end specs and decent build quality, at a price way less than what world famous brands do? Chinese smartphones are often cheaper because they don’t have the same overheads as brands that have physical stores. Did you see the announcement of the Galaxy S6? Have you heard of the contract Robert Downey Jr signed last year with HTC? Or that Sony wants to promote the Xperia Z5 in a new James Bond film? These things cost a fortune. A fortune that you, the customer, end up paying. Tecno must have fallen on your ear. Browse https://jiji.ng/mobile-phones/tecno, where you can find an affordable Tecno smartphone in your city. So check this Tecno i7 to see whether, it really stands a chance in the already overcrowded african smartphone market?
The Tecno I7 is a modern looking gadget, that is very similar to other smartphones in the market. On the right side are the power and volume buttons. Tecno has given the power key a textured finish, which helps distinguish it from the volume keys just by feel.While, the front side looks expensive, the rear panel, looks borrowed, this is where i7 loses points is in terms of originality.
Tecno i7 comes with 5-inch HD IPS display with a resolution of 1080×1920 pixels, which gives bright and decent colors while watching movies, youtube or web browsing. You can also regulate the brightness manually or choose automatic adjustment option.
Hardwear and softwear
The I7 runs a heavily skinned version of Android called Hi OS and powered by a 1.3 GHz MediaTek processor paired up with 4GB of RAM. The smartphone has 32GB of internal memory along with a duo SIM card slot as well, wish you expand the memory storage. It supports 3G, 4G and other connectivity options include Wi-Fi and Bluetooth. Fingerprint sensor is accurate and responsive.
The front camera has a resolution of 13 megapixels paired with with a Quad LED flash. It offers good colour and fast shutter speed.The camera is snappy and gives you easy access to some of the options right from the main screen. You can swipe to switch from photo capturing mode to video mode, as well as change to other modes like Beauty and Panorama. Unfortunately, the front 16 MP camera with Front LED flash promises a lot on paper, but fails to deliver.
One the strongest points of the Tecno i7 is its battery. The smartphone equipped with a 4,000mAh battery that supports fast charging. The Rocket Charge will get you 80% charge within 70 minutes.
Why You Still Need An MP3 Player
Only five or ten years ago MP3 players were the most popular devices for listening to music, but as mobile phones became more and more advanced, MP3 players started to lose their popularity. However, there are still plenty of reasons to choose an MP3 player over a music app in your smartphone. You can buy MP3 players and lots of other electronics in Nigeria at unbelievably low prices by simply following this link: https://jiji.ng/electronics
Low cost gadget
Even the latest MP3 player model is still cheaper than a mid-range smartphone, so if you often break or lose your device, an MP3 player can become your low-risk investment. For example, it may turn out that replacing the screen on your iPhone costs as much as a new iPod, so dropping your device on the ground can have different consequences depending on which gadget you prefer.
Take the most out of your music collection
Most music fans have huge collections of MP3 files on their computer – they can be downloaded from the Internet or converted from music CDs. An MP3 player becomes the most suitable device for playing these files. Modern smartphones are mostly designed for using music apps and subscription services, while transferring and organizing MP3 files on your phone can turn out to be quite tricky. An MP3 player will let you effortlessly select music by artist, album or track title, or even release year. And don’t forget the super convenient playlist feature!
Perfect for active lifestyle
Keeping fit and leading an adventurous life are today’s biggest trends, and music is an essential component of active lifestyle. No matter what you’re into – running, going into the gym, hiking, cycling, or climbing – an MP3 player is a much lighter and smaller device than your mobile phone, which means it’s much more convenient to carry around. Plus, many MP3 players like the iPod Shuffle have special clips, so you don’t have to keep them in your pocket.
Save battery life
One of the biggest problems of smartphone users is the battery that dies in the middle of the day even when you’re not actively using the phone. Obviously, listening to music for hours has an even more drastic effect on the battery life. MP3 players, however, are known for lasting for days while playing music non-stop. That way you can take the pressure off your phone’s battery while enjoying your favorite tunes wherever you are without worrying about the battery life of your devices.
Mobile app to curb vandalism, power theft Launched in Nigeria
In a bid to curb the disturbing nuisances that stem from criminality in our society, Web Asset Limited, a Lagos-based technology company, has launched an interactive crime reporting system tagged ‘Hawk Eye’.
Hawk Eye is a mobile app that uses an innovative technology to checkmate crime in Nigeria.
The launch which took place in Abuja, was a beta launch piloted by Mr. Kayode Aladesuyi, chairman Web Asset Ltd., and developer of the Hawk Eye app.
The pilot launch was aimed at demonstrating how the app could be useful in finding a solution to the menace of utility and energy theft plaguing the electricity sector.
The demonstration highlighted the distinctive features of the app like the ability to select crime types, capture and send videos, images or text messages of the crime and direct these to appropriate security authorities for immediate action.
He added that the system offers a crime management platform with a robust command and control centre dashboard to display location of crime scenes and the nearest officers to respond to the reported crime.
The Hawk Eye system is the first national crime reporting system in the country and is one of the ways in which the public can lend its support to reinforce the governments’ unrelenting efforts in safeguarding lives and properties across the country.
Mr. Aladesuyi, explained that beyond reporting utility theft for the energy sector, the app had been developed with the potential to work with different security agencies and institutions in the country and deal with crime at all levels from kidnapping, vandalism, civil unrest, terrorism, extortion, etc.
He said: “We are always looking for better and more contemporary ways of safeguarding lives and private properties, including public utilities. The app which is a niche crime reporting app, will address the infrastructural gap in the area of emergency response system through internet-enabled mobile phones. The app also provides an alternative, fast and easy way of tackling security issues with exposure to lesser risks.”
“Hawk Eye enables officers in the field to receive dispatched incidents and option to file reports in real-time even while in remote locations. Through its unique offering of Global Announcement feature, the app allows communication with different communities on national emergencies, most wanted persons, among other emergencies. In addition, Hawk Eye provides a FindMe feature for users to notify Rapid Response units or family members in the event of kidnapping incidents,” he said.
Ernest Mupwaya, managing director of Abuja Electricity Distribution Company (AEDC), in his remarks said, “Energy theft is crippling the revenues of electricity distribution companies and impacting negatively on growth.” He explained that the distance and communication gaps were hindrances to checking criminal activities in the sector, adding that the app, as a security enabler would bridge these gaps.
Download Hawkeye on Google Play store By searching for Hawkeye Nigeria or click the Link below
Follow me on Twitter
- Firing Games? Do They Have Any Knock-on Effects?
- Methods to Influence Staff members to Acquire Things Completed Correctly punctually Without Using Positional Power
- The right way to Influence Employees to Acquire Things Performed Correctly on Time Without Employing Positional Ability
- Tips on how to Influence Personnel to Get Things Performed Correctly on Time Without Using Positional Right
- Methods to Influence Workers to Obtain Things Performed Correctly promptly Without Using Positional Recognized