A code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones, contains a flaw that makes it possible to eavesdrop on or disrupt entire networks.
An advisory published Monday evening describes a flaw in the way most systems implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One.
“The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources,” the researchers wrote. “These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier’s network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network.”
The advisory only identifies the flaw within hardware from Qualcomm. Objective Systems, the library's vendor, has released a “hotfix” that corrects the flaw, but such a patch is hard to deploy across millions of pieces of circuitry located all over the world. Ars Technica noted that experts are mixed on the actual impact and remediation.
“The baseband vulnerabilities are currently the biggest concern for consumers, as successful exploitation can compromise the entire device, even when security hardening and encryption are in place,” researcher HD Moore said in an e-mail to Ars. “These issues can be exploited by someone with access to the mobile network and may also be exposed to an attacker operating a malicious cell network, using products like the Stingray or open source software like OsmocomBB.”
Dan Guido, an expert in cellular phone security and the CEO of a firm called Trail of Bits, told Ars, “This kind of infrastructure just does not get patches. So [the vulnerability] is a stationary target that others can develop against. It’s easy to set goals towards it.”