Phones sold by the four major US carriers could have a major security flaw

Verizon, AT&T, T-Mobile and Sprint might have a big problem.

Customers using devices from four major cell phone carriers could unknowingly be exposing sensitive data to hackers, according to the Department of Homeland Security (DHS). Fifth Domain reports that DHS-funded researchers from mobile security firm Kryptowire have found vulnerabilities in phones used by Verizon, AT&T, T-Mobile and Sprint. The flaws are built into phones by manufacturers, and include a loophole that could exploit data, emails and text messages.

DHS hasn't specified which manufacturers are involved, but a source has revealed that "millions" of US customers are at risk. DHS program manager Vincent Sritapan told Fifth Domain that the vulnerability could "escalate privileges and take over the device" without the device owner's knowledge, and said that it would be difficult to tell whether the flaw has been exploited.

The manufacturers involved were allegedly alerted to the issue as early as February, when the flaw came to light following Kryptowire's research into the Blu phone company. The team is expected to release more details later this week, but if the issue is as pervasive as initial reports suggest, US cell phone carriers have a major problem on their hands. Engadget has reached out to Verizon, AT&T, T-Mobile and Sprint for comment.