Half of the Android phones worldwide are vulnerable to piracy
Checkpoint researchers have discovered a new type of hacking and phishing attacks targeting Android phones that can trick users into installing malicious settings on their devices via fake messages.
The researchers found that the attacks were successful for most modern Android phones, and given that Samsung, Huawei, LG and Sony account for more than 50% of all Android phones, it is clear that the scope of the attack is much wider.
The flaw also allows hackers to steal users’ e-mail addresses via fake (SMS) messages designed specifically to intercept outgoing and incoming e-mail to Android phones.
The report showed that anyone connected to a cellular network can be targeted, not just users connected to the wireless Internet “Wi-Fi”.
Pirates are just one push away
“Given the popularity of Android devices, this is a critical gap that needs to be addressed,” said Slava Makavev, a security researcher at Check Point Software Technologies.
“Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through remote provisioning. When a user receives an ‘OMA CP’ message, they will have no way of knowing whether it is from a trusted source. By clicking” Accept, “they can leave an attacker in their phone.”
“People should be very careful whenever they receive an unwanted text message asking them to enter a PIN code or other authorization, even if it appears to be coming from a telecommunications company,” said McAfee.
If any user receives something like this, they should immediately call the carrier through their customer service number and ask if this is legitimate.
Did companies address their vulnerability immediately?
Checkpoint researchers uncovered an Android vulnerability among manufacturers last March. Surprisingly, companies did not respond immediately to this serious flaw. For its part, Samsung included a fix in the security maintenance release last May, while LG released its repair after a full four months in July.
Its customers are leaving users unreported and has announced that it plans to include fixes in the next generation of the Mate or P series smartphones, but Sony still has to refuse to acknowledge the vulnerability.