Your Android Phone Could be Hacked by a Single Text Message
Electronics & Gadgets  
news18

That makes it more than a billion Android phones globally, including those made by Samsung and Huawei, which are at the risk of being hacked by text messages.

 

As it turns out, you should be wary of the text messages that land up in the inbox in your Android phone. A major security vulnerability in the Android operating system has left a billion phones vulnerable to getting hacked, by a plain and simple text message. Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd. has revealed that there is “a security flaw in Samsung, Huawei, LG, Sony and other Android-based phones that leaves users vulnerable to advanced phishing attacks.”
 
The security firm says that the hack works by making use of the over the air (OTA) method that mobile network operators use to update new phones joining their network, also known as an OMA CP message. Researchers say that this method involves limited authentication methods. Therefore, hackers or someone working remotely can exploit this route to pose as a network operator that you have just connected to and send a deceptive OMA CP message to Android phones. The message can then trick users into accepting malicious settings that would start to route the phone’s incoming and outgoing Internet traffic through a proxy server owned by the hacker. The Android phone user would not realize what is happening, and the data in the phone can be accessed by the hacker.
 
“Researchers determined that certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of OMA CP messages. The user only needs to accept the CP and the malicious software will be installed without the sender needing to prove their identity,” says Check Point Research.
 
The research also says that phones made by Huawei, LG, and Sony do have a form of authentication, but hackers only need the International Mobile Subscriber Identity (IMSI) of the recipient’s phone to ‘confirm’ their identity. And it is not difficult for attackers to get their hands on a phone’s IMSI details—this can be done by creating a rogue Android app that reads a phone’s IMSI once it is installed or the attacker can simply bypass the need for an IMSI by sending the user a text message posing as the network operator and asking them to accept a pin-protected OMA CP message. If the user then enters the provided PIN number and accepts the OMA CP message, the CP can be installed without an IMSI.
 

 

“Given the popularity of Android devices, this is a critical vulnerability that must be addressed,” said Slava Makkaveev, Security Researcher at Check Point Software Technologies. Researchers say Samsung included a fix addressing this phishing flow in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones. Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification.

 
 


 
 


 
More in Electronics & Gadgets
Top 07 Best Air Purifiers In India, Delhi (November 2021) | TodayIndya

Best Air Purifiers in India! The need for Air Purifiers is growing every day as the pollution levels are rising all over the years. It is in our hands to give the...

Recently posted . 116 views

Instagram Reportedly Introduces Video Selfie for New User Verification...

Instagram’s video selfie verification process asks users to take a short video while turning their heads.  

Recently posted . 50 views

Top 10 Best Room Heaters In India (2021) – Reviews & Buyer’s Guide

With the advent of winters, the need for room heaters has arrived. In places like Delhi- NCR, North East, and the entire Northern Belt, heaters bec...

Recently posted . 103 views

Facebook Changes Its Name To 'Meta' In Rebranding Exercise

Facebook, Instagram and WhatsApp -- which are used by billions around the world -- will keep their names under the rebranding critics have called an effort to dis...

Recently posted . 175 views

Diwali 2021: 10 best gift ideas with prices starting as low as Rs 500

Diwali 2021: We have prepared a list of 10 gift ideas to make it easier for you to select the best gift for your dear ones.

Recently posted . 79 views

Explained: What Is Facebook Metaverse, And How Does It Work

Facebook has made an announcement that it will soon be employing 10,000 high-skilled workers in Europe to help build its “metaverse," which it considers ...

Recently posted . 86 views

 
 
 

Prashnavali

Thought of the day

A positive attitude can really make dreams come true - it did for me.
David Bailey