Major smartphone vulnerability found

Staff writer
22 May 2012

A newly-discovered vulnerability affecting at least 48 mobile operators worldwide leaves their smartphone users vulnerable to internet attack traffic, security researchers have warned.

Ars Technica


Some firewall boxes allow hackers to infer this sequence, and this allows cellular internet connections to be hijacked and intercepted, according to researchers from the University of Michigan in the USA.

These researchers were able to hijack Android devices connected to a major mobile operator, including unencrypted connections to services including Facebook and Twitter. They were also able to spoof traffic from the web services - including banking services.

While the exploit was tested on Android, the researchers state that there's no reason it wouldn't work on other devices including iPhones.

TCP sequence numbers were able to be inferred for the firewalls used by 48 of 150 mobile operators tested worldwide. The firewalls were manufactured by major vendors including Cisco, Juniper and Check Point.

The exploit works because the firewall systems are designed to keep track of the sequence numbers, and drop data packets that contain invalid numbers, the researchers have revealed.

Related content

No Comments Yet! Be the first to share what you think!
This website uses cookies
This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.