A newly discovered flaw in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones, may leave mobile phones and key parts of the world's telecommunications infrastructure vulnerable to attack, making it possible to eavesdrop on or disrupt entire networks, security experts warned.
Although exploiting the vulnerability would require great skill and resources, attackers who manage to break in will be able to execute malicious code on virtually all of those devices.
“These issues can be exploited by someone with access to the mobile network and may also be exposed to an attacker operating a malicious cell network, using products like the Stingray or open source software like OsmocomBB,” said security expert HD Moore, who is principal at a firm called Special Circumstances.
The flaw also has the potential to put carrier equipment at risk if attackers figure out how to modify carrier traffic in a way that exploits the vulnerability and executes malicious code. “A carrier-side attack would require a lot more effort and funding than targeting the mobile phone basebands,” Moore said. “For specific attack scenarios, carriers may be able to block the traffic from reaching the vulnerable components, similar to how SMS filtering is done today.”
Dan Guido, an expert in cellular phone security and the CEO of Trail of Bits, also agreed that the vulnerability will be hard to exploit, but Moore said the fault is serious because the code library that harbors the flaw is the backbone of today's mobile telephone system.
As of now, only gear from hardware manufacturer Qualcomm is known to be affected, according to the advisory issued by the Department of Homeland Security-backed CERT. Researchers are examining whether other manufacturers, including AT&T, BAE Systems, Broadcom, Cisco Systems, Deutsche Telekom, and Ericsson, are affected too. For the moment, there's little end users can do to insulate themselves from the threat other than to monitor advisories from device makers and carriers.