Researchers recently discovered a new ‘advanced’ method of phishing attack aiming at Android devices that can trick users into installing malicious settings in their devices.
According to the findings disclosed by cybersecurity firm Check Point Research, the phishing attacks have been successful on most Android devices including the latest versions of Huawei, LG, Sony Xperia, and even Samsung Galaxy S9.
The researching team declares that the ‘bad’ actors utilize an ‘over-the-air’ technique to deploy carrier-specific settings on the targeted devices. This enables them to intercept all email traffic to and from the compromised Android devices using inauthentic SMS messages.
The vulnerability can be exploited during any time of the day and night – and only requires the phone to be connected to their carrier networks. However, the report by the cybersecurity firm suggests that the vulnerability does not affect Wi-Fi hotspots.
In fact, the cybercriminal only needs to get hold of the international mobile subscriber identity (IMSI) – a number that identifies every user of a cellular network to deploy their attack.
The researchers at Check Point discreetly informed of their findings to Android-phone manufacturers. With the exception of Sony Company, all have or are planning to issue patches to tackle the vulnerability in future updates.
Similarly, in the past, threat actors have used various methods to attack the devices of innocent users. However, the attack in question is very concerning.
Nevertheless, the users are suggested to remain proactive regarding the apps and software they install their device and remain vigilant about ‘installs’ that appears as links in their text messages.
Read next: Despite the rise of in-app purchases in App Store, Android is still topping iOS users in mobile gaming
Photo: REUTERS / Dado Ruvic
According to the findings disclosed by cybersecurity firm Check Point Research, the phishing attacks have been successful on most Android devices including the latest versions of Huawei, LG, Sony Xperia, and even Samsung Galaxy S9.
The researching team declares that the ‘bad’ actors utilize an ‘over-the-air’ technique to deploy carrier-specific settings on the targeted devices. This enables them to intercept all email traffic to and from the compromised Android devices using inauthentic SMS messages.
The vulnerability can be exploited during any time of the day and night – and only requires the phone to be connected to their carrier networks. However, the report by the cybersecurity firm suggests that the vulnerability does not affect Wi-Fi hotspots.
In fact, the cybercriminal only needs to get hold of the international mobile subscriber identity (IMSI) – a number that identifies every user of a cellular network to deploy their attack.
The researchers at Check Point discreetly informed of their findings to Android-phone manufacturers. With the exception of Sony Company, all have or are planning to issue patches to tackle the vulnerability in future updates.
Similarly, in the past, threat actors have used various methods to attack the devices of innocent users. However, the attack in question is very concerning.
Nevertheless, the users are suggested to remain proactive regarding the apps and software they install their device and remain vigilant about ‘installs’ that appears as links in their text messages.
Read next: Despite the rise of in-app purchases in App Store, Android is still topping iOS users in mobile gaming
Photo: REUTERS / Dado Ruvic
