Never miss a story

Get subscribed to our newsletter


×
A French soldier watches code lines on his computer during the International Cybersecurity forum in Lille, northern France, Jan. 23, 2018. VOA

A security flaw in Samsung, LG, Sony, Huawei and other Android smartphones has been discovered that leaves users vulnerable to advanced SMS phishing attacks, Check Point Research — the threat intelligence arm of cybersecurity firm Check Point Software Technologies Ltd. said on Thursday.

Researchers at the cybersecurity firm said certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.


“Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air (OTA) provisioning.

“When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking ‘accept’, they could very well be letting an attacker into their phone,” Slava Makkaveev, Security Researcher, Check Point Software Technologies, said in a statement.

The affected Android phones use OTA provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network.


FILE – A worker sits a computer at the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Aug. 22, 2018. VOA

However, researchers at Check Point found that the industry standard for OTA provisioning — the OMA CP, includes limited authentication methods and remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users.

The message tricks users into accepting malicious settings that route their Internet traffic through a proxy server owned by the hacker.

Also Read: Lenovo Launches Three New Smartphones in India

The findings were disclosed to the affected vendors in March; Samsung included a fix addressing this phishing flaw in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones.

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification. (IANS)


Popular

IANS

As the economy continues to recover from the prolonged pandemic.

By Rohit Vaid
The Centre might bestow infrastructure as well as industry status to new sectors to boost several pandemic hit industries in the upcoming Union Budget. Industry insiders said that several sectors and sub-industries such as hospitality, automobile retail, specific diganotics facilities and companies engaged in installation of EV charging stations amongst others might get the status.
The infra tag will enable these sectors to avail tax breaks, incentives and credit on lower interest rates. "Sectors which are in greenfield or which would need capex augmentation to help them overcome the pandemic can be looked from the lens of an infrastructure sector," said Jagannarayan Padmanabhan, Director and Practice Leader, Transport & Logistics, Crisil Infrastructure Advisory. "Also many of the already identified sectors need a sustained policy push which will help them get visibility both in terms of quantum and the time period of applicability."

Till now, activities associated with laying of power and telecom transmission and distribution lines, roads, highways, railways and construction of facilities such as hospitals, affordable housing, power generation units, water treatment plants, SEZs and certain type of hotels amongst others were given such status.

Besides, these sectors are a part of harmonised master list for infrastructure sub-sectors. However, in April 2021, exhibition-cum-convention centre was included in the list. "Given the focus around electric vehicle, and need for significant investment in charging stations, if the government adds the sector in infrastructure list, the benefits arising out of it will be significant," said Vishal Kotecha, Director, India Ratings and Research. "Infra tag on sectors increases ability to raise funds, access to dedicated funds and lenders, foreign capital, lower interest rates among others."

Electric car Given the focus on electric vehicles, the advantages of including the industry in the infrastructure list will be enormous. Free SVG

Keep Reading Show less
Wikipedia

A team is working to produce safest medicine for covid treatment.

A team led by chief scientist Ravi Shankar, is working on two combinations to provide the safest medication to coronavirus patients. "Experts say that a combination of antivirals with different mechanisms can be more effective to counter the viral pandemic. We are working on two combinations - Umifenovir with Molnupiravir (an antiviral) and Umifenovir with Niclosamide (anti-parasitic)," he said.

Also read: Antiviral Remdesivir Receives FDA

Molnupiravur drug has received only Emergency Use Authorisation in India and abroad. Though its usage showed reduced hospitalisation during clinical trials, its biggest drawback are the side-effects, he added.

"Now, we are trying to keep a low dosage of Molnupiravir in its combination with Umifenovir which may weed out the side-effects such as the risk of cartilage and muscle damage. If successful, it will make Umifenovir more effective in Covid-19 treatment," said the chief scientist. The other combination is Umifenovir with Niclosamide.

Keep Reading Show less
Wikipedia

MEA Jaishankar instructed Indian envoys to Canada and the US, "to urgently respond to the situation."

External Affairs Minister S. Jaishankar on Friday instructed Indian envoys to Canada and the US, Ajay Bisaria and Taranjit Singh Sandhu, "to urgently respond to the situation" where four Indian nationals including an infant have lost their lives on the US-Canada border. The minister said this in a public tweet. Neither of the two missions have responded on the microblogging site till the time of filing of this report.

In a statement Thursday without identifying the victims, the Royal Canadian Mounted Police (RCMP) stated that "on the morning of January 19, 2022, RCMP officers with the Integrated Border Enforcement Team received concerning information from their counterparts in the United States".

Royal Canadian Mounted Police (RCMP) RCMP officers received concerning information from their counterparts in the United States.Wikipedia

Keep reading... Show less