More than a billion Android phones are vulnerable to phishing attacks

WASHINGTON (Reuters) – More than a billion Android smartphones, including those of the world's biggest manufacturers, are exposed to serious cyber attacks that could steal personal information, researchers said Monday. Researchers at Check Point security firm have discovered a new type of advanced phishing attacks targeting Android phones, prompting users to install malicious settings on their devices via fake messages that appear to come from network providers.

The phones threatened are Huawei P10 phones, LG G6, Sony Xperia XZ Premium and Samsung Galaxy S9.

Since Samsung, Huawei, LG and Sony account for more than 50% of Android phones, the scope of the attack is very broad.

This flaw allows hackers to steal a user's email addresses via fake SMS messages designed to intercept incoming and outgoing email messages on Android phones.

According to the report, hackers are taking advantage of OTA online services, a technology often used by telecom operators to deploy enterprise-specific settings on new devices.

According to researchers, anyone connected to a mobile network is vulnerable to attack because SMS does not require that the victim's device be connected to a wireless network. One message is enough to access e-mails.