|By Business Wire||
|August 6, 2014 02:20 PM EDT||
Accuvant, the authoritative source for enterprise information security, today disclosed at Black Hat USA 2014 details of security vulnerabilities that are exposing mobile phone users to risk. Research scientists Mathew Solnik and Marc Blanchou, both members of the respected Accuvant LABS team, demonstrated the attacks in order to better educate the community on the seriousness of the risks. The vulnerabilities discovered by the pair impact Android, Blackberry and a small number of iOS-based devices, with risk varying by carrier and device make and model.
Mobile phone users should make sure their devices are up to date with the latest patches. If no recent patches have been issued for a device, users should contact their carriers to find out if they are impacted and if a fix is available or has already been implemented. Organizations should leverage their MDM platforms to ensure users adopt the latest version of software for their phones.
“Carriers embed control software into most mobile devices so that they can configure phones for their networks and push over-the-air firmware updates,” said Ryan Smith, Accuvant vice president and chief scientist. “Our researchers – Mathew Solnik and Marc Blanchou – found serious security vulnerabilities in the carrier control software used in a large number of cell phones across platforms and carriers.”
Accuvant has been working diligently to properly disclose its findings to service providers to mitigate the risk. The company that makes the software has issued a fix that solves the problem; baseband manufacturers have written code to implement the fix; and carriers are in the process of distributing the fix to existing phones.
“Security threats have become a daily issue for billions of technology users around the world, so it’s critical to find vulnerabilities of this nature and fix them before they can become a big public concern,” said Christina Richmond, program director, security services, IDC. “Having specialized experts with the capabilities to conduct this kind of security research and educate organizations and consumers on how to fix these issues is essential.”
Dependent upon device and carrier, when exploited the vulnerabilities in this control software may enable attackers to install malicious software; access data; add, delete and run applications; wipe a device; and remotely change the PIN for the screen lock, among other items.
Accuvant is a Black Hat 2014 Platinum Sponsor, and is exhibiting at booth #635.
Accuvant, a Blackstone (NYSE: BX) portfolio company, is the leading provider of information security services and solutions serving enterprise-class organizations across North America. The company offers a full suite of service capabilities to help businesses, governments and educational institutions define their security strategies, identify and remediate threats and risks, select and deploy the right technology, and achieve operational readiness to protect their organizations from malicious attack. Founded in 2002, Accuvant has been named to the Inc. 500|5000 list of fastest growing companies for the last seven consecutive years. The company is headquartered in Denver, Colo., with offices across the United States and Canada. Further information is available at www.accuvant.com.
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, focused on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud platfo...
Dec. 27, 2014 04:00 AM EST Reads: 2,504
Dec. 27, 2014 03:00 AM EST Reads: 1,779
Dec. 27, 2014 03:00 AM EST Reads: 1,788
Dec. 27, 2014 02:00 AM EST Reads: 2,223
Dec. 27, 2014 12:00 AM EST Reads: 2,613
Dec. 26, 2014 04:00 PM EST Reads: 1,872
Dec. 26, 2014 04:00 PM EST Reads: 2,241
Dec. 26, 2014 01:00 PM EST Reads: 2,661
Dec. 26, 2014 01:00 PM EST Reads: 2,088
Dec. 26, 2014 12:30 PM EST Reads: 1,913
Dec. 26, 2014 12:00 PM EST Reads: 1,748
Dec. 26, 2014 11:15 AM EST Reads: 2,402
Dec. 26, 2014 11:00 AM EST Reads: 1,969
Dec. 26, 2014 11:00 AM EST Reads: 2,122
Dec. 26, 2014 11:00 AM EST Reads: 1,850