News Security

Security Flaw Leaves Android Smartphones Vulnerable to Advanced SMS Phishing Attacks: Check Point

Check Point Research has revealed a security flaw in Samsung, Huawei, LG, Sony and other Android-based phones that leaves users vulnerable to advanced phishing attacks.

The affected Android phones use over-the-air (OTA) provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network. However, Check Point Research found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes limited authentication methods. Remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users. The message tricks users into accepting malicious settings that, for example, route their Internet traffic through a proxy server owned by the hacker.

Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air provisioning. When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking ‘accept’, they could very well be letting an attacker into their phone. ”

Slava Makkaveev, Security Researcher, Check Point Software Technologies.

Related posts

AI-Driven Observability Critical to Mitigating $2.2M/Hour Outages in BFSI Sector

enterpriseitworld

TCS Deepens SAP Partnership to Accelerate GenAI and Cloud Adoption for Global Enterprises

enterpriseitworld

emma & noah Deploys Centric PLM to Enable Scalable, Compliant Growth Across Europe

enterpriseitworld