No specifics were provided on the brand, however

Aug 9, 2018 09:15 GMT  ·  By

Phones sold by four US carriers come with a major vulnerability that exposes them to hackers. This is the finding of a study conducted by Kryptowire and funded by the Department of Homeland Security.

While no specifics were provided on the brands that are affected by the security flaw, Department of Homeland Security officials revealed at the Black Hat conference in Las Vegas that parent companies have already been notified of the bugs as early as February.

Some of them haven’t even replied to the notification, Kryptowire revealed, but at this moment, all phone makers are aware of the glitch.

According to the research, the vulnerability can allow hackers to access all user data, including emails and messages, without them knowing about it. Hackers could easily take over the device, Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate told Fifth Domain.

Vulnerable phones also sold outside the US

The vulnerable phones are sold by Verizon, AT&T, T-Mobile, and Sprint, but the research claims that the same devices are also available at other carriers and in other countries.

Millions of smartphone users are said to be exposed to hacks, and government officials are likely among them, the study shows, again without sharing any specifics.

There’s no evidence as to whether hackers have already taken advantage of the vulnerability, but researchers promise to reveal more details later this week.

At this point, it’s not yet clear if the security flaw can be blocked at a user level, but the research shows that it affects phones before they are being purchased by customers. Most likely, patching requires firmware updates released by manufacturers, but it’s not yet known if any of the notified brands have developed such fixes.

More information, hopefully including the brands affected by the vulnerability, is expected to be provided later this week.