Samsung, LG, Huawei and other Android phones vulnerable to SMS phishing attacks: Researchers | Tech News

Samsung, LG, Huawei and other Android phones vulnerable to SMS phishing attacks: Researchers

Researchers at the cybersecurity firm said certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.

By: INDO ASIAN NEWS SERVICE
| Updated on: Aug 20 2022, 16:39 IST
Advanced SMS phishing attacks affecting Android phones
Advanced SMS phishing attacks affecting Android phones (Checkpoint)

A security flaw in Samsung, LG, Sony, Huawei and other Android smartphones has been discovered that leaves users vulnerable to advanced SMS phishing attacks, Check Point Research -- the threat intelligence arm of cybersecurity firm Check Point Software Technologies Ltd. said on Thursday.

Researchers at the cybersecurity firm said certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.

You may be interested in

MobilesTablets Laptops
3% OFF
Samsung Galaxy Z Fold5
  • Icy Blue
  • 12 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
5% OFF
Samsung Galaxy A25 5G
  • Blue Black
  • 8 GB RAM
  • 128/256 GB Storage
10% OFF
Samsung Galaxy A15 5G
  • Blue Black
  • 6/8 GB RAM
  • 128/256 GB Storage

"Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air (OTA) provisioning.

Also read
Looking for a smartphone? To check mobile finder click here.

"When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking 'accept', they could very well be letting an attacker into their phone," Slava Makkaveev, Security Researcher, Check Point Software Technologies, said in a statement.

The affected Android phones use OTA provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network.

However, researchers at Check Point found that the industry standard for OTA provisioning -- the OMA CP, includes limited authentication methods and remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users.

The message tricks users into accepting malicious settings that route their Internet traffic through a proxy server owned by the hacker.

The findings were disclosed to the affected vendors in March; Samsung included a fix addressing this phishing flaw in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones.

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 05 Sep, 17:56 IST
NEXT ARTICLE BEGINS