Check Point Research has uncovered a privacy breach in Samsung, Huawei, LG, Sony and other Android-based devices that leaves users susceptible to severe phishing attacks.
Cybersecurity professionals alerted yesterday about malicious software in text messages claimed to be from telecommunications carriers, leaving the door open for hackers to attack Android smartphones.
As per the report, the phishing ploy leverages over-the-air (OTA) provisioning — a strategy often used by telecommunications operators to implement carrier-specific settings on new devices — to intercept all email or internet traffic to and from Android phones using specially crafted fake SMS messages. The message tricks customers into accepting malicious configurations that can, for instance, direct all of their Internet traffic through an attacker’s proxy server and allow the attacker to read messages.
Samsung phones have been identified to be at the most danger of assault as they do not have an authenticity check. The user only requires to acknowledge a message to install the malicious software without the sender having to affirm their identity.
Security researcher at Check Point Software Technologies, Slava Makkaveev said, “Given the popularity of Android devices, this is a critical vulnerability that must be addressed.” It was also said that this threat was first detected in March 2019 and shortly after that, the company informed the affected manufacturers.
Up to this point, Samsung and LG have attended the issue in their Security Maintenance Release for May and July respectively. Huawei is set to launch its patch in the next generation of Mate and P-series smartphones. While as per reporters, Sony refused to acknowledge the vulnerability, saying that their devices follow the OMA CP specification.