BlackBerry Ltd (NASDAQ:BBRY) smartphones are also susceptible to a mode of attack using the same mechanism phone manufacturers use to roll out software updates and execute network administration tasks, researchers have revealed at the Black Hat conference on Thursday.
Mathew Solnik and Marc Blanchou who work as research consultants with Accuvant Labs said that Android, BlackBerry Ltd (NASDAQ:BBRY) and some Apple Inc. (NASDAQ:AAPL) smartphones can be attacked by using the Open Mobile Alliance Device Management (OMA-DM) protocol.
For smartphones like those made by BlackBerry Ltd (NASDAQ:BBRY) to be taken over, the attacker needs to know the device’s International Mobile Station Equipment Identity (IMEI) number and the network’s secret token. The researchers also said that it is not that difficult to obtain IMEI numbers and carrier tokens when one just analyzes network setups and the operating systems of devices.
To demonstrate the OMA-DM attack, the researchers used a base station to broadcast a WAP message to a device. This message reportedly uploads code to the phone which then lets attackers control the phone without the attack being apparent to the owner of the phone.
In the demonstration to prove Android, BlackBerry Ltd (NASDAQ:BBRY) and some Apple Inc. (NASDAQ:AAPL) phones can be hacked into using the technique, Solnik and Blanchou used a base station and set it to the lowest power setting. After asking the audience to turn off their phones, the duo claimed that over 70 devices were still detected to be ready to be exploited.
According to the Accuvant researchers, Android is the most open to being attacked. BlackBerry Ltd (NASDAQ:BBRY) phones, they said, are also generally open to this mode of infiltration. Meanwhile, iOS devices are harder to gain control of. Nonetheless, some Sprint’s iPhone are said to be vulnerable to wireless attacks using their method, while some iPhones could be infiltrated if their user mistakenly accepts a fake update.
In an earlier report from Wired, one of the phones the duo identified to have been the most open to the attack is the BlackBerry Z10.
Watch a demonstration of the attack in the two videos below.