Researchers funded by the Department of Homeland Security recently found security flaws in millions of smartphones, including iPhones. The flaws were found in phones sold by Verizon, AT&T, T-Mobile, Sprint, and other carriers.
The flaws are that of privilege escalation, which means that it achieves root access to completely take over the device.
The research was conducted by Kryptowire, a Virginia-based mobile security firm and funded through the Critical Infrastructure Resilience Institute, a Department of Homeland Security research center.
The flaws allow a user “to escalate privileges and take over the device,” Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate told Fifth Domain during the Black Hat conference in Las Vegas. The vulnerabilities are built into devices before a customer purchases the phone.
So far we don’t know the names and models of the affected phones. Smartphone manufacturers were first warned in February. More details are expected to be released to the public later this week.
I’m curious if this affects unlocked phones that are purchased directly from the manufacturer, or just phones sold through carriers. It sounds like it might be the latter.