Check Point researchers discovered a vulnerability in Android smartphones that leaves them open to advanced phishing attacks.
The vulnerability is estimated to expose 2.5 billion monthly active users of Android phones worldwide, including devices from Sony, Samsung, Huawei and LG.
In these advanced phishing attacks, a remote attacker can trick users into accepting new phone settings, for example settings that route all Internet traffic through a proxy.
Check Point researchers Artyom Skrobov and Slava Makkaveev explain that the attack abuses over-the-air (OTA) provisioning, which operators use to deploy network-specific settings to new phones arriving on their network.
However, the researchers found that the industry standard for OTA provisioning, OMA CP (Open Mobile Alliance Client Provisioning), includes only limited authentication methods. In other words, the user cannot verify whether the proposed settings actually come from their network operator.
"To send OMA CP messages, the attacker needs a GSM modem (either a 10-dollar electronic key or a phone running in modem mode), used to send two SMS messages, and a simple script or a ready-to-use program, to configure the OMA CP."
The phishing messages can be tailored to fool a specific recipient, or sent in bulk on the assumption that some recipients are naive enough to accept a CP without questioning its authenticity.
On Samsung devices, there is no check that the threat actor has to bypass. On Huawei, LG or Sony devices, the threat actor must first obtain the International Mobile Subscriber Identity (IMSI) of the target phone, a "64-bit ID for each device on a mobile network".
OMA CP allows the following settings to be changed: MMS server, proxy address, browser home page, bookmarks, mail server, directory servers, synchronization of contacts, calendar, and so on.
The researchers also discovered that anyone connected to a cellular network can be targeted, not just users connected to Wi-Fi.
"Given the popularity of Android devices, it's a critical gap to bridge," said Slava Makkaveev, a security researcher at Check Point Software Technologies.
"Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack via remote provisioning. When a user receives an OMA CP message, he has no way to know if it comes from an approved source. By clicking on 'Accept', he can let an attacker into his phone."
The researchers disclosed their findings to the affected vendors in March. Samsung included a patch in its May security release, and LG released its fix in July. Huawei plans to include patches in the next generation of smartphones from the Mate series or the P series, and Sony refuses to acknowledge the vulnerability.
"People must be very careful whenever they receive an unsolicited text message asking them to enter a PIN or other authorization, even if it appears to be from a telecommunications company. Contact the telecommunications company immediately via its customer service number and ask if this is legitimate."
This article, "More than a billion Android phones are vulnerable to hacking via phone settings (details)", was adapted from the site (Dawn portal). It in no way reflects the site's policy or point of view; responsibility for the accuracy of the news lies with the original source, Dawn portal.