Tuesday, April 20, 2021
Home Lead Story Advanced SMS Phishing Attacks Affecting Android Phones: Report

Advanced SMS Phishing Attacks Affecting Android Phones: Report

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification

A security flaw in Samsung, LG, Sony, Huawei and other Android smartphones has been discovered that leaves users vulnerable to advanced SMS phishing attacks, Check Point Research — the threat intelligence arm of cybersecurity firm Check Point Software Technologies Ltd. said on Thursday.

Researchers at the cybersecurity firm said certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.

“Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air (OTA) provisioning.

“When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking ‘accept’, they could very well be letting an attacker into their phone,” Slava Makkaveev, Security Researcher, Check Point Software Technologies, said in a statement.

The affected Android phones use OTA provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network.

americans, inactive
FILE – A worker sits a computer at the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Aug. 22, 2018. VOA

However, researchers at Check Point found that the industry standard for OTA provisioning — the OMA CP, includes limited authentication methods and remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users.

The message tricks users into accepting malicious settings that route their Internet traffic through a proxy server owned by the hacker.

Also Read: Lenovo Launches Three New Smartphones in India

The findings were disclosed to the affected vendors in March; Samsung included a fix addressing this phishing flaw in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones.

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification. (IANS)

STAY CONNECTED

19,517FansLike
362FollowersFollow
1,773FollowersFollow

Most Popular

Nanking Massacre: The Holocaust

By- Khushi Bisht The Nanking Massacre, also known as the Rape of Nanking, was one of the worst massacres committed during the Sino-Japanese war that...

‘Child Of Two Worlds’ Featuring The Protagonists And Immortal Lovers

Turkey-based author Ann D'Silva has launched her new book "Child of Two Worlds", which is second in the fictional 'Sand and Sea' series, which...

Now Transfer Posts And Notes To Google Docs And WordPress Directly

Facebook on Monday introducing two new data portability types that will help users directly transfer their posts and notes to Google Documents, Blogger, and...

Lyricist Mehboob: The Line Between Film Music And Indie Music Has Blurred Lately

The line between film music and indie music has blurred lately, feels noted lyricist Mehboob, who has over 25 years of experience in the...

OTT Projects Based On Books

With OTT platforms experimenting with genres and content, there are a host of projects that are based on books. Lately, we have already had...

Something Screened On Your Phone Can Not Erase A Huge Screen, Says Boman Irani

Good writing is the need of the hour, feels actor Boman Irani, to sustain audience interest at a time when OTT provides a surfeit...

The Truth Behind Why Airliners Don’t Fly Over Tibet

BY- JAYA CHOUDHARY Airplanes can fly for thousands of kilometers across the globe. Rockets have landed men on the moon and Elon Musk plans to...

Symptoms Affecting Daily Life Post Covid Recovery

Are you a Covid-19 survivor, but still feel fatigued and not having fully recovered? You may be experiencing what is known as "Long Covid"....

Recent Comments