Advanced phishing tactics can be used to attack Android phone users, cyber security company said Check point in a report published on Wednesday (4). The scam uses fake SMS messages to trick victims into changing device settings that will favor theft of personal data.
According to the report, criminals use the wireless provisioning technique (or OTA). Over the air) is often used by phone operators to deploy specific configurations on new devices to intercept all email traffic on Android phones. False updates to network settings are disguised as SMS messages.
Porn in popular app among teens worries web
Samsung Galaxy S9 one of the models affected by SMS phishing attack Photo: Thssius Veloso / TechTudo
"In these attacks, a remote agent can induce users to accept new phone settings that, for example, direct all Internet traffic through an attacker-controlled proxy," explain researchers Artyom Skrobov and Slava Makkaveev. The vulnerability could be exploited at any time as long as mobile phones are connected to the carrier's network. Wi-Fi connections, however, are not affected.
Experts from Check point managed to apply the attack to the Huawei P10, LG G6, Sony Xperia XZ Premium models and a number of Samsung Galaxy phones, including the S9. All devices accepted SMS messages, even without coming from reliable sources. Of the four brands, which account for more than 50% of Android devices, the easiest to attack was Samsung.
The cybersecurity company has notified device manufacturers of the March problem, and all but Sony have already released patches or intend to fix the vulnerability in the next updates. Samsung and LG fixed the bug in May and July, respectively, in security updates SVE-2019-14073 and LVE-SMP-190006. Huawei, in turn, said it plans to repair the breach in the next generation of Mate or P series smartphones.
According to the report, Sony "declined to acknowledge the vulnerability" and said its devices already meet the required security specifications. O TechTudo contacted the marks mentioned in the original material, and received a response from Samsung, reproduced below.
Samsung takes security seriously and is committed to providing a safe experience for our customers. We developed and issued a security patch via software update in May 2019 to address the issue as soon as Check Point Research warned us. We recommend that all users keep their devices up to date with the latest software to ensure the highest level of protection possible.
The attack described by Check point It is not automatic, since I need to press a button and accept the installation of malicious settings. Therefore, the company directs users to refuse any SMS message that requires the application of new network standards. If features like mobile data stop working, just contact your carrier and request resubmission of the provisioning messages, knowing they are legitimate this time around.
It is also important to be alert when installing anything suspicious or of unknown origin on the mobile phone, especially those delivered via text messages or linked links. Also, always valid to keep an antivirus installed on your device see the best options in 2019.
How to Remove Virus on an Android Phone