Hijacking Vulnerability In Smartphones, Many Wireless Carriers Affected
Computer scientists have discovered that at least 47 cellular carriers have a vulnerability in their network which can allow connection hijacking to take place. The vulnerability exists in the firewalls of cellular carriers, whose dropped packets of data can be used to hijack connections, even though they contain invalid TCP sequence numbers. Once hijacked, malicious content can be injected into the traffic flowing between a smartphone and the websites visited with it. This malicious content can range anywhere from the unintended following or posting of Twitter and Facebook messages to the luring of users to fraudulent banking web sites. The discovery of this new avenue of attack has also debunked a common assumption that internet connections over encrypted WiFi or cellular networks are safe for communication. Researchers performed test attacks on Android phones from HTC, Motorola and Samsung and found that connections could be hijacked when the phone was connected to a nationwide carrier which used sequence number checking.