HACKING PHONES WITH SINGLE TEXT
1 BILLON PHONES COULD BE HACKED WITH SINGLE TEXT MESSAGE
A major security vulnerability in the Android operating system has left a billion phones vulnerable to getting hacked, by a plain and simple text message.
Researchers at cybersecurity firm Check Point identified the bug in Android-based phones, revealing that it only takes a single SMS text message to gain full access to a person’s emails.
Around 2.5 billion devices around the world use Google-owned Android, which is the world’s most popular operating system. Any security issues, therefore, can have widespread consequences for users.
The hack works by making use of a technique that mobile network operators use to update new phones joining their network, known as an OMA CP message.
This would allow cybercriminals to view a person’s web history and read their emails.
“When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source,” said Mr. Makkaveev. “By clicking ‘accept’, they could very well be letting an attacker into their phone.”
The research also says that phones made by Huawei, LG, and Sony do have a form of authentication, but hackers only need the International Mobile Subscriber Identity (IMSI) of the recipient’s phone to ‘confirm’ their identity. And it is not difficult for attackers to get their hands on a phone’s IMSI details.
Researchers say Samsung included a fix addressing this phishing flow in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones. Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification.
A major security vulnerability in the Android operating system has left a billion phones vulnerable to getting hacked, by a plain and simple text message.
Researchers at cybersecurity firm Check Point identified the bug in Android-based phones, revealing that it only takes a single SMS text message to gain full access to a person’s emails.
Around 2.5 billion devices around the world use Google-owned Android, which is the world’s most popular operating system. Any security issues, therefore, can have widespread consequences for users.
The hack works by making use of a technique that mobile network operators use to update new phones joining their network, known as an OMA CP message.
This would allow cybercriminals to view a person’s web history and read their emails.
“When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source,” said Mr. Makkaveev. “By clicking ‘accept’, they could very well be letting an attacker into their phone.”
The research also says that phones made by Huawei, LG, and Sony do have a form of authentication, but hackers only need the International Mobile Subscriber Identity (IMSI) of the recipient’s phone to ‘confirm’ their identity. And it is not difficult for attackers to get their hands on a phone’s IMSI details.
Researchers say Samsung included a fix addressing this phishing flow in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones. Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification.
Comments
Post a Comment