tech2 News Staff
Sep 06, 2019 15:43:05 IST
A new security flaw in Android smartphones has recently come to light that leaves users vulnerable to hackers. The exploit allows them to get into smartphones using just a text message.
Check Point Research reported that the flaw exists in the Android mobile operating system of brands such as Samsung, Huawei, LG, Sony and others. It is being called a case of "advanced phishing attack".
How does it work? Let's take a deep dive.
As per the report, the affected smartphones use over-the-air (OTA) provisioning, through which network operators send network-specific settings when a new phone joins the network. The report states that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes only limited authentication methods, and remote agents can take advantage of this. They can send a deceptive OMA CP message to users, and once a user accepts it, their internet traffic could be routed to the hacker's proxy server.
The report also reveals that Samsung devices are the most vulnerable to such tricks, as they do not have an authenticity check for senders of OMA CP messages. Once the hacker sends the OMA CP message, and if the user unknowingly accepts it, any malicious software can be installed on the device.
On the other hand, phones from other brands such as Huawei, LG and Sony do have a proper authentication process, but hackers still need only the recipient's International Mobile Subscriber Identity (IMSI) to verify their identity. And how difficult is it to get this IMSI? Not very.
Hackers can get the IMSI in a number of ways, including making an Android app that gets access to the user's IMSI once it is installed on the device.
The report says that a hacker does not even need to get the IMSI. They can go the other way around: send a text message posing as a network operator and ask users to accept a "pin-protected OMA CP message". Once the user enters the given PIN as asked, it will automatically let the hacker install any malicious software.
As per the report, LG acknowledged this flaw and released a fix, and Huawei is also expected to introduce a fix for this issue in its upcoming Mate series or P series. Sony, on the other hand, has not yet acknowledged this security flaw.