News Security

Security Flaw Leaves Android Smartphones Vulnerable to Advanced SMS Phishing Attacks: Check Point

Check Point Research has revealed a security flaw in Samsung, Huawei, LG, Sony and other Android-based phones that leaves users vulnerable to advanced phishing attacks.

The affected Android phones use over-the-air (OTA) provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network. However, Check Point Research found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes limited authentication methods. Remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users. The message tricks users into accepting malicious settings that, for example, route their Internet traffic through a proxy server owned by the hacker.

Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air provisioning. When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking ‘accept’, they could very well be letting an attacker into their phone. ”

Slava Makkaveev, Security Researcher, Check Point Software Technologies.

Related posts

Chandresh Dedhia joins Zepto as Head IT

enterpriseitworld

2025 Predictions by NeoSOFT – Technology and Innovation Industry Trends

enterpriseitworld

IceWarp Commands 60% Market Share in India’s Top Pharmaceutical and Healthcare Sector

enterpriseitworld
x