Researchers funded by the Department of Homeland Security say that they have discovered major security vulnerabilities likely to affect millions of US smartphones …

The flaws have been found in unspecified phones sold by Verizon, AT&T, T-Mobile, Sprint and other carriers. It seems likely that the affected phones are Android devices, but some vulnerabilities have been found to affect iOS devices also, and the DHS isn’t yet saying one way or the other.

FifthDomain reports that the privilege-escalation flaws allow a complete take-over of devices, including access to emails and text messages without the owner’s knowledge.

The research was conducted by Kryptowire, a Virginia-based mobile security firm, and funded through the Critical Infrastructure Resilience Institute, a Department of Homeland Security research center.

The flaws allow a user “to escalate privileges and take over the device,” Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate, told Fifth Domain during the Black Hat conference in Las Vegas.

The vulnerabilities are built into devices before a customer purchases the phone.

Officials have so far declined to name the makes and models of affected phones, but the numbers cited suggest that they will include popular ones. Manufacturers were informed back in February, and it is expected that more details will be revealed to the public later this week.

The research was prompted by the discovery of a security flaw in Blu phones last year. Amazon briefly stopped selling the phones following reports of a serious security issue, which was soon dismissed by the company as a ‘false alarm.’ It appears this dismissal may have been premature.

Separately, Reuters reports that Samsung Galaxy S7 phones have been found to be susceptible to the Meltdown vulnerability, which could allow an attacker access to data processed by the CPU. Samsung originally said that it had patched its phones against Meltdown in January and again in July, but it seems that these patches have not proven sufficient.


About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
