Thursday, October 22, 2020
Home Lead Story Advanced SMS Phishing Attacks Affecting Android Phones: Report

Advanced SMS Phishing Attacks Affecting Android Phones: Report

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification

A security flaw in Samsung, LG, Sony, Huawei and other Android smartphones has been discovered that leaves users vulnerable to advanced SMS phishing attacks, Check Point Research — the threat intelligence arm of cybersecurity firm Check Point Software Technologies Ltd. said on Thursday.

Researchers at the cybersecurity firm said certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.

“Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air (OTA) provisioning.

“When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking ‘accept’, they could very well be letting an attacker into their phone,” Slava Makkaveev, Security Researcher, Check Point Software Technologies, said in a statement.

The affected Android phones use OTA provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network.

americans, inactive
FILE – A worker sits a computer at the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Aug. 22, 2018. VOA

However, researchers at Check Point found that the industry standard for OTA provisioning — the OMA CP, includes limited authentication methods and remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users.

The message tricks users into accepting malicious settings that route their Internet traffic through a proxy server owned by the hacker.

Also Read: Lenovo Launches Three New Smartphones in India

The findings were disclosed to the affected vendors in March; Samsung included a fix addressing this phishing flaw in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones.

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification. (IANS)

STAY CONNECTED

19,120FansLike
362FollowersFollow
1,782FollowersFollow

Most Popular

9 Traditional Indian Folk Theatre Forms that You Need to Know

BY NEHA HEGDE The folk or traditional arts of India have been used for moral, religious, and socio-political purposes from ancient times. It must also...

COVID-19 Can Lead to Infertility in Men, says Study

COVID-19 can cause male infertility by harming the testicular cells which produce sperms thereby making it difficult to make the female pregnant, says a...

Fashion Trends to Look Your Best in this Festive Season

It's a time to pause, to relook, to rethink - It's the time to revive the spirits. This year festivities will not be like...

Perfect Hairstyle Tips for the Festive Celebrations

It's Durga Puja time! It's the most awaited period of the year for many of us. And if you are among the ones who...

Proper Ventilation Key Factor to Prevent COVID Spread

New research adds to the growing body of evidence that effective or proper indoor ventilation may be a key factor in preventing the spread...

The 21-Day Immunity Plan To Follow: Book Review

With 80 percent of chronic disease attributable to lifestyle and linked environmental factors and within the lifestyle hierarchy, poor diet being the most important...

Tattoos May Impair Natural Sweating and Cause Overheat of Body

Researchers have found that tattoos may impair natural sweating, potentially causing the body to overheat if the tattoos cover a large area of the...

Amazon Allowing Work From Home Untill June 2021

Amazon is allowing its corporate employees to avail of the work from home option, if their roles permit, till June 2021. Amazon had earlier said...

Recent Comments