But, as an Android user, we should stay cautious of the text
messages that land up in the inbox, as a major security vulnerability in
the Android operating system has left a billion phones vulnerable to getting
hacked, by a plain and simple text message.
Check Point Research, the threat intelligence arm of Check Point
Software Technologies Ltd. has revealed that there is ‘a security flaw in
Samsung, Huawei, LG, Sony and other Android-based phones that leave users
vulnerable to advanced hacking attacks’.
The security firm claims that the hack works by making use of
the over the air (OTA) method which is used by mobile network operators to
update the new devices joining their networks, also known as an OMA CP message.
This method involves limited authentication methods.
Hackers working remotely can
enter this route and can send you a deceptive OMA CP message to your Android
phones. The message can lead users into accepting malicious settings that would
start to route the phone’s incoming and outgoing Internet traffic through a
proxy server owned by the hacker. And to the surprise, the user would not even
realize what is happening, and the hacker can access the data on the phone.
“Researchers determined that certain Samsung phones are the most
vulnerable to this form of phishing attack because they do not have an
authenticity check for senders of OMA CP messages. The user only needs to
accept the CP and the malicious software will be installed without the sender
needing to prove their identity,” says Check Point Research.
The researchers also claim that
some companies like Huawei, LG, and Sony use authentication form but the hacker
only need the International Mobile Subscriber Identity (IMSI) of the user to
confirm their identity -- which is easily accessible to the attacker by
creating a rogue Android app that reads a phone’s IMSI once installed or the
an attacker can simply bypass the need for an IMSI by sending the user a text
message posing as the network operator and asking them to accept a
pin-protected OMA CP message. If the user then enters the provided PIN number
and accepts the OMA CP message, the CP can be installed without an IMSI.
Researchers also stated that companies like Samsung, Huawei, LG
are doing their best to fix this phishing flow in their security maintenance,
till then we have to keep an open eye to these malicious messages and hacking
techniques.
1 Comments
Hey guys, my name is Imelda Daher from Philippines but reside in America i am very happy that i was able to be online last week when Janet posted on YouTube that she has finally gotten what she wanted for her marriage life after all the stress she went through trying to hack into our husbands phone herself.. So after that I decided to try and see if it’s gonna work or still the same thing I see online everyday so I contacted Michael as i was referred to by Janet to his email which I did and got his direct telephone number as well too and believe me he did a good job for me that I was shocked when I got the information I needed that my dear husband for 10 year of marriage has a baby mama in Sweden. thanks to Seth Lawson for this great job even if it’s gonna break my home its better than been fooled for the rest of my life. sentryinthewires@protonmail.ch by Janet and he did a good and fast job for me in less than 48hrs...he made available phone hack, chat histories, present chats and pictures too...You can also contact him for all sorts of mobile remote hacking jobs like he told me. Good luck to everyone who really wanna work with him and put a stop to the entire nightmare.
ReplyDeleteIf you are new then follow my website for daily Technology news and best smartphone reviews stay tuned with TGN.
Emoji