Kryptowire researchers funded by the Department of Homeland Security reportedly have spotted vulnerabilities built into phones at all major US carriers.
Mobile devices used by Verizon, AT&T, T-Mobile, Sprint and other carries were found to contain serious vulnerabilities, DHS programme manager Vincent Sritapan told Fifth Domain at the Black Hat security conference in Las Vegas on Tuesday.
The vulnerabilities aren't limited to the US, and because of the scope of the flaw, it is possible that government officials are also at risk.
Researchers spotted a backdoor which could allow attackers to access users' data, emails and text messages without user knowledge, or allow attackers to escalate privileges and take over a device. The investigation was first triggered when researchers discovered vulnerabilities in the Blu phone company.
The DHS hasn't named the manufacturers, but said they were notified as early as February, and the researchers are expected to release more details later this week.