DHS hasn't specified which manufacturers are involved, but a source has revealed that "millions" of US customers are at risk. DHS program manager Vincent Sritapan told Fifth Domain that the vulnerability could "escalate privileges and take over the device" without the device owner's knowledge, and said that it would be difficult to tell whether the flaw has been exploited.

The manufacturers involved were allegedly alerted to the issue as early as February, when the flaw came to light following Kryptowire's research into the Blu phone company. The team is expected to release more details later this week, but if the issue is as pervasive as initial reports suggest, US cell phone carriers have a major problem on their hands. Engadget has reached out to Verizon, AT&T, T-Mobile and Sprint for comment.