The researcher Ralf-Phillip Weinmann , managing director at security firm Comsecuris , has disclosed Vulnerability-related.DiscoverVulnerability a zero-day baseband vulnerability affecting Vulnerability-related.DiscoverVulnerability Huawei smartphones , laptop WWAN modules , and IoT components . Baseband is firmware used on smartphones to connect to cellular networks , to make voice calls , and transmit data . An attacker can exploit baseband flaws to eavesdrop Attack.Databreach mobile communications , take over the device making calls and sending SMS messages to premium numbers or to exfiltrate Attack.Databreach data . The expert revealed Vulnerability-related.DiscoverVulnerability the flaw this week at the Infiltrate Conference , the vulnerability could be exploited Vulnerability-related.DiscoverVulnerability by attackers to execute a memory-corruption attack against affected devices over the air . Fortunately , the attack is quite difficult to conduct . The baseband vulnerability resides in Vulnerability-related.DiscoverVulnerability the HiSilicon Balong integrated 4G LTE modems . The Balong application processor is called Kirin , it is produced by the Hisilicon Technologies , a subsidiary of Huawei Technologies . The affected firmware is present in several Huawei Honor smartphones , including the P10 , Huawei Mate 9 , Honor 9 , 7 , 5c and 6 . Weinmann believes that millions of Honor smartphones could be exposed to the to attack . Weinmann presented Vulnerability-related.DiscoverVulnerability multiple baseband vulnerabilities found in Vulnerability-related.DiscoverVulnerability the Kirin application processor . The expert also revealed that many laptops produced by IT vendors leverage the HiSilicon Balong integrated modem , such as a number IoT devices . “ This baseband is much easier to exploit than other basebands . Why ? I ’ m not sure if this was intentional , but the vendor actually published the source code for the baseband which is unusual , ” Weinmann said . “ Also , the malleability of this baseband implantation doesn ’ t just make it good for device experimenting , but also network testing. ” Weinmann speculates HiSilicon may have wrong released the Kirin source code as part of a developer tar archive associated with the Huawei H60 Linux kernel data . Weinmann demonstrated several attack scenarios against mobile phones . A first attack scenario presented by the researcher involves setting up a bogus base station using open-source software called OpenLTE that is used by an attacker to simulate a network operator . The attacker can send specially crafted packets over the air that trigger a stack buffer overflow in the LTE stack causing the phone crashing . Once the phone rebooted an attacker can gain persistence installing a rootkit . In a second attack scenario , the attacker with a physical access to the phone and private key pair data would install malicious tools on the firmware . “ It requires key material that is stored both by the carrier and on the SIM card in order to pass the mutual authentication between the phone and the network . Without this key material , a base station can not pose as a legit network towards the device. ” Weinmann used for its test his own VxWorks build environment using an evaluation version of VxWorks 7.0 that shipped with Intel Galileo several years ago . The expert explained that the existence of a Lua scripting interpreter running in the baseband gives him further offensive options . Weinmann did not disclose the technical details to avoid threat actors in the wild will abuse his technology . “ I have chosen to only disclose lower-severity findings for now . Higher severity findings are in the pipeline. ” Weinmann said .

This file photo taken on August 13 , 2008 shows a man walking over the seal of the Central Intelligence Agency ( CIA ) in the lobby of CIA Headquarters in Langley , Va. Wikileaks ' latest data dump Attack.Databreach , the `` Vault 7 , '' purporting to reveal the Central Intelligence Agency 's hacking tools , appears to be something of a dud . If you did n't know before that spy agencies could apply these tools and techniques , you 're naive , and if you think it undermines the attribution of hacker attacks on the Democratic National Committee and other targets , you 'll be disappointed . On the surface , the dump Attack.Databreach — touted by Wikileaks as the biggest ever publication of confidential CIA documents — offers some explosive revelations . They 're all over the news pages : The CIA is able to use your Samsung smart TV to eavesdrop Attack.Databreach on you ! The CIA can get into your iPhone or Android device , as well as your Windows , Mac or Linux PC , and harvest Attack.Databreach your communications before they are encrypted ! No encryption app — not even the Edward Snowden favorite , Signal , or WhatsApp , which uses the same encryption — is safe ! The CIA hoards `` zero day '' vulnerabilities — weaknesses not known to the software 's vendors — instead of revealing Vulnerability-related.DiscoverVulnerability them to the likes of Google , Apple and Microsoft ! CIA hackers use obfuscation tools to pretend its malware was made by someone else , including Russian intelligence ! There 's even a Buzzfeed story quoting current and former U.S. intelligence officers that the dump is `` worse than Snowden 's . '' There is little content in the dump to support these panicky reactions . Nothing in it indicates that the CIA has broken messenger encryption , as Open Whisper Systems , the software organization responsible for Signal , has been quick to point out . The CIA can read Attack.Databreach messenger communications only if it plants malware on a specific phone or computer ; then it can harvest Attack.Databreach keystrokes and take screenshots . This is not about mass surveillance — something that should bother the vast majority of internet users — but about monitoring specific targets . Open Whisper Systems tweeted on March 7 : `` Ubiquitous e2e encryption is pushing intelligence agencies from undetectable mass surveillance to expensive , high-risk , targeted attacks . '' It 's not much of a secret that using a hacked phone or computer renders end-to-end encryption useless . It was the essence of Apple 's dispute with the Federal Bureau of Investigation last year , when the company would n't help the FBI get into a phone owned by San Bernardino shooter Syed Rizwan Farook . The Big Brother-style implications of a hacked Samsung TV are undermined by the nature of the documents that describe the hack . The CIA needs physical access to the TV set to weaponize it . Robert Graham , founder of Errata Security , wrote on the firm 's blog : `` The docs are clear that they can update the software running on the TV using a USB drive . There 's no evidence of them doing so remotely over the Internet . If you are n't afraid of the CIA breaking in an installing a listening device , then you should't be afraid of the CIA installing listening software . '' The Wikileaks cache contains a manual for CIA hackers on making their malware harder to trace , for example , by adding foreign languages . Wikileaks also said that the CIA `` collects Attack.Databreach and maintains a substantial library of attack techniques ' stolen Attack.Databreach ' from malware produced in other states including the Russian Federation . '' The library , however , contains all sorts of publicly available malware , as well as samples tentatively attributed to foreign intelligence services ; all that does is confirm that hackers , including CIA ones , are n't picky about the origins of the products they use . The important thing is that the malware should work . This should n't affect serious attempts to attribute hacker attacks . I 'm not sure this is fully understood within the U.S. intelligence community itself — at any rate , the declassified report on Russian hacking it released late last year appeared to base attribution on the use of specific publicly available malware . But industry experts usually need much more evidence . A number of possible Russian attacks were attributed to Moscow 's intelligence services because the attackers used specific command and control centers — servers — to collect Attack.Databreach information from various Russia adversaries . To set up a false flag operation , the CIA would need to go much further than obfuscating the origins of its malicious code . So all the jubilant tweets from Trump supporters declaring the CIA was behind the `` Russian hacks '' are at least premature and probably inaccurate .