Sunday December 15, 2019
Home Lead Story Advanced SMS ...

Advanced SMS Phishing Attacks Affecting Android Phones: Report

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification

0
//
Data,Privacy
A French soldier watches code lines on his computer during the International Cybersecurity forum in Lille, northern France, Jan. 23, 2018. VOA

A security flaw in Samsung, LG, Sony, Huawei and other Android smartphones has been discovered that leaves users vulnerable to advanced SMS phishing attacks, Check Point Research — the threat intelligence arm of cybersecurity firm Check Point Software Technologies Ltd. said on Thursday.

Researchers at the cybersecurity firm said certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.

“Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air (OTA) provisioning.

“When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking ‘accept’, they could very well be letting an attacker into their phone,” Slava Makkaveev, Security Researcher, Check Point Software Technologies, said in a statement.

The affected Android phones use OTA provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network.

americans, inactive
FILE – A worker sits a computer at the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Aug. 22, 2018. VOA

However, researchers at Check Point found that the industry standard for OTA provisioning — the OMA CP, includes limited authentication methods and remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users.

The message tricks users into accepting malicious settings that route their Internet traffic through a proxy server owned by the hacker.

Also Read: Lenovo Launches Three New Smartphones in India

The findings were disclosed to the affected vendors in March; Samsung included a fix addressing this phishing flaw in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones.

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification. (IANS)

Next Story

37% Computers that Collect Biometric Data Face Hacking Attempts: Report

1 in 3 biometric data computers face hacking attempts

0
data hacking
One in three computers that collect biometric data have faced many hacking attempts. Pixabay

One in three computers (37 per cent) engaged in collecting biometric data globally faced hacking attempts in the third quarter of this year, a new report said on Friday.

The devices — servers and workstations — use to collect, process and store biometric data (such as fingerprints, hand geometry, face, voice and iris templates).

Overall, a significant number of conventional malware samples were blocked, including modern remote-access Trojans (5.4 per cent), malware used in phishing attacks (5.1 per cent), ransomware (1.9 per cent), and Trojan bankers (1.5 per cent), said the team from cybersecurity firm Kaspersky ICS CERT.

“The existing situation with biometric data security is critical and needs to be brought to the attention of industry and government regulators, the community of information security experts, and the general public,” said Kirill Kruglov, senior security expert, Kaspersky ICS CERT.

Biometric data
The existing situation with biometric data security is critical. Pixabay

An analysis of threat sources showed that Internet is the main source of threats for biometric data processing systems — threats with this source were blocked on 14.4 per cent of all biometric data processing systems.

This category includes threats blocked on malicious and phishing websites, along with web-based email services.

“Though we believe our customers are cautious, we need to emphasize that infection caused by the malware we detected and prevented could have negatively affected the integrity and confidentiality of biometric processing systems,” Kruglov added.

Threats blocked in email clients were ranked third (6.1 per cent — in most cases these were typical phishing emails (fake messages on the delivery of goods and services, the payment of invoices, etc.) containing links to malicious websites or attached office documents with malware.

Also Read- Uber Launches Campaign for Women and Youth in India

Like many other technologies that have lately been rapidly evolving, biometric authentication systems have proved to have significant generic drawbacks.

“The key shortcomings of biometric authentication technologies are usually cause by information security issues,” said the report. (IANS)