
OMA-DM Exploit Vulnerability Affecting Millions


We originally posted on this when little information was available, but over the past few days more has come out about this issue with the OMA-DM (Open Mobile Alliance Device Management) protocol. The Register has picked up further details that emerged from Black Hat 2014.

Researchers Mathew Solnik and Marc Blanchou of security firm Accuvant told conference attendees that the problem lies in the Open Mobile Alliance Device Management (OMA-DM) protocol, which is used by about 100 mobile phone manufacturers to deliver software updates and perform network administration.

According to the duo, it’s not actually that hard to get an IMEI number or several carriers’ secret tokens. A combination of lazy networks and susceptible operating system versions opens up an extraordinary number of devices to attack, it’s claimed.

Following a WAP message broadcast from a base station, the researchers could wirelessly upload code to a phone, it’s claimed, and then execute the code to exploit memory bugs in the software to gain full control of the device – without any visible signs that skullduggery was going on.

BlackBerry is not immune to this exploit: although no demonstration is shown using a BlackBerry, a Z10 has been noted to have been used in testing. Android is seemingly an open book when it comes to this, while iOS was noted to be harder to penetrate.

Some handsets were worse than others, they found. Android was generally wide open to exploits, as were BlackBerry and a host of embedded systems, the conference was told. iOS was a tougher nut to crack – most handsets were immune – but some phones run by Sprint could be accessed wirelessly, and others could be vulnerable if the user is tricked into accepting an update.

You can watch two videos posted on the Accuvant YouTube channel showing the exploit carried out using a phony femtocell:

Over the Air Code Execution and Jailbreak and NIA-Based Lock Screen Bypass

3 comments on this post
  1. One more reason for BlackBerry to directly push software updates without the intrusion of carriers. Can someone tell me why they haven’t, or can’t do it? BlackBerry updates come 2-4 months later for the US thanks to the carriers, affecting the much needed updates that fix these kinds of problems. BB should do it à la Apple…

  2. Agreed! Why are carriers in the loop here? Can they be trusted, especially in certain countries where the main carriers are government controlled?

    A small win for Apple but a loophole BlackBerry must close!

  3. So, what solutions can be offered to fix this problem?
    Apparently there is carrier involvement here and Sprint seems to be in the spotlight.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-2016 BerryReview LLC