AUSTIN, Texas—Experts are warning that a new vulnerability could allow attackers to take control of mobile phones and key parts of the world's telecommunications infrastructure, making it possible to eavesdrop or disrupt entire networks, Ars Technica reported.
The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. “Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One,” Ars Technica said.
"The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources. These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network,” researchers who discovered the flaw wrote in an advisory, Ars Technica said.
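The article does not say where in the library the bounds check fails, and the following does not attempt to reproduce that bug. It is an added example, not code from Objective Systems' library, from the researchers' advisory or from Ars Technica: a small bounds-checked ASN.1 BER tag-length-value (TLV) header decoder in C, showing the checks a decoder must apply to a length field read from untrusted input before that length is used to index or copy memory. The sample encodings and the helper names are constructed for this example.

```c
/* Added example (not Objective Systems' code): a bounds-checked ASN.1 BER
 * TLV header decoder. Every quantity read from the wire is compared against
 * the octets remaining before it is used; omitting any one of these checks
 * is the class of defect that turns attacker-supplied ASN.1 into an
 * out-of-bounds read or write. Sample inputs below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* One decoded TLV header. */
struct tlv {
    uint8_t tag;           /* single-octet tag only; multi-octet tags are rejected */
    size_t header_len;     /* octets consumed by the tag and length fields */
    size_t value_len;      /* validated length of the value */
    const uint8_t *value;  /* points into the caller's input buffer */
};

/* Decode one definite-length TLV from buf[0..len). Returns 1 on success and
 * 0 if the header is malformed, truncated, or claims more octets than exist. */
int tlv_decode(const uint8_t *buf, size_t len, struct tlv *out)
{
    size_t pos = 0;
    size_t value_len;
    uint8_t tag, first;

    if (buf == NULL || out == NULL || len < 2)
        return 0;                    /* need at least a tag and one length octet */

    tag = buf[pos++];
    if ((tag & 0x1F) == 0x1F)
        return 0;                    /* high-tag-number form not supported here */

    first = buf[pos++];
    if (first < 0x80) {
        value_len = first;           /* short form: length is the low 7 bits */
    } else {
        size_t n = first & 0x7F;     /* long form: n further length octets follow */
        if (n == 0)
            return 0;                /* 0x80 is the indefinite form; refuse it */
        if (n > sizeof(size_t))
            return 0;                /* length would not fit in size_t */
        if (n > len - pos)
            return 0;                /* the length octets themselves are truncated */
        value_len = 0;
        for (size_t i = 0; i < n; i++)
            value_len = (value_len << 8) | buf[pos++];
    }

    if (value_len > len - pos)
        return 0;                    /* declared value runs past the end of input */

    out->tag = tag;
    out->header_len = pos;
    out->value_len = value_len;
    out->value = buf + pos;
    return 1;
}

/* Copy a decoded value into dst, refusing if the validated length does not
 * fit. Returns the number of octets copied, or -1. */
int tlv_copy_value(const struct tlv *t, uint8_t *dst, size_t dst_len)
{
    if (t->value_len > dst_len)
        return -1;
    memcpy(dst, t->value, t->value_len);
    return (int)t->value_len;
}

/* Decode and report the validated value length, or -1 on rejection. */
int tlv_value_len_or_neg(const uint8_t *buf, size_t len)
{
    struct tlv t;
    return tlv_decode(buf, len, &t) ? (int)t.value_len : -1;
}

/* Decode, then copy into a deliberately small 2-octet buffer: a value longer
 * than 2 octets is refused by the copy step instead of overflowing dst. */
int tlv_copy_into_two_octets(const uint8_t *buf, size_t len)
{
    struct tlv t;
    uint8_t dst[2];
    if (!tlv_decode(buf, len, &t))
        return -1;
    return tlv_copy_value(&t, dst, sizeof dst);
}

/* Constructed sample encodings for this example. */
const uint8_t SAMPLE_SHORT[]      = {0x04, 0x03, 'a', 'b', 'c'};          /* OCTET STRING, len 3 */
const uint8_t SAMPLE_LONG[]       = {0x04, 0x81, 0x02, 'x', 'y'};         /* long-form length 2 */
const uint8_t SAMPLE_OVERSIZED[]  = {0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFF}; /* claims ~4 GiB */
const uint8_t SAMPLE_TRUNCATED[]  = {0x04, 0x05, 'a', 'b'};               /* claims 5, holds 2 */
const uint8_t SAMPLE_INDEFINITE[] = {0x30, 0x80, 0x00, 0x00};             /* indefinite length */

int main(void)
{
    printf("short      -> %d\n", tlv_value_len_or_neg(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    printf("long       -> %d\n", tlv_value_len_or_neg(SAMPLE_LONG, sizeof SAMPLE_LONG));
    printf("oversized  -> %d\n", tlv_value_len_or_neg(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED));
    printf("truncated  -> %d\n", tlv_value_len_or_neg(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    printf("indefinite -> %d\n", tlv_value_len_or_neg(SAMPLE_INDEFINITE, sizeof SAMPLE_INDEFINITE));
    printf("copy short into 2 octets -> %d\n", tlv_copy_into_two_octets(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```

The decoder accepts only the definite-length forms, rejects the indefinite form and multi-octet tags outright, and checks the count of length octets against the remaining input before reading them; a DER-strict decoder would additionally reject non-minimal length encodings, which this BER example does not. The point for a reviewer of any ASN.1 decoder, whether in a baseband, a cell-site radio or a core-network node, is that the value length is never trusted until it has been compared with the bytes actually present, and that the copy step is sized by the validated length and the destination capacity, not by the wire length alone.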
Security expert HD Moore, principal at Special Circumstances, described the flaw to Ars Technica as a "big deal" because of the breadth of gear that is at risk of complete takeover.
"The baseband vulnerabilities are currently the biggest concern for consumers, as successful exploitation can compromise the entire device, even when security hardening and encryption are in place," he told the publication. "These issues can be exploited by someone with access to the mobile network and may also be exposed to an attacker operating a malicious cell network, using products like the Stingray or open source software like OsmocomBB."
The library flaw could also put carrier equipment at risk if attackers figured out how to modify carrier traffic so that it exploits the vulnerability and executes malicious code, Moore told the website. He added that the threat to carriers is probably smaller, given the difficulty of testing an exploit against the specific equipment a targeted carrier uses and of funneling attack code into the vulnerable parts of its network.
