Mobile Security – Major Security threats to be shared at Black Hat conference next week
July 31st, 2014
Widespread vulnerabilities discovered in client control software affecting smartphone platforms will be shared at next week's conference.
http://www.darkreading.com/mobile/new-mobile-phone-0wnage-threat-discovered/d/d-id/1297686
Rogue cellular towers and phony base stations long have been a tradition of researchers at Black Hat and DEF CON, who test and demonstrate how they can intercept or manipulate cellphones, but a team of researchers has found a deeper problem of major security vulnerabilities in the client control software running on the majority of mobile phones around the world.
Accuvant Labs researchers Mathew Solnik and Marc Blanchou — who will provide details and demonstrations of their findings next week at Black Hat USA in Las Vegas — say they found a variety of serious flaws in the software that sits on Android, BlackBerry, and Apple iOS smartphones and embedded devices that handle everything from firmware, cell network baseband parameters, CDMA settings, and LTE settings, to device-wiping, Bluetooth, GPS, encryption, software activation, and battery monitoring, among other functions.
Attackers using a rogue base station could exploit these flaws to wrest control of the mobile devices themselves, or remotely spread malware on devices connecting to the station, for example. “The attacks require more or less a rogue femtocell, or base station,” says Solnik, a research scientist with Accuvant. Such hardware is relatively simple to acquire: He and Blanchou purchased a base station for under $1,000 for their research, and were able to conduct their proof-of-concept attacks anywhere from 30 feet to 30 yards away from the targeted phones.