[ad_1]
Check Point Research has revealed a security flaw in Samsung, Huawei, LG, Sony and other phones, which makes users vulnerable to advanced phishing attacks.
The affected Android phones use OTA provisioning, which allows mobile network operators to deploy network-specific settings on a new phone joining their network. However, researchers have found that the industry standard for live provisioning, OMA CP (Open Mobile Alliance Provisioning), includes limited authentication methods. This can be exploited, allowing hackers to pretend to be network operators and sending deceptive OMA CP messages to users.
An unauthenticated CP message as it appears to a Samsung user
The message prompts users to accept malicious settings that may, for example, route all their Internet traffic to an attacker-owned proxy server and allow them to read their e-mails.
Samsung phones are the most vulnerable
The researchers found that some Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of CP OMA messages. The user must only accept the CP and the malware will be installed without the sender having to prove his identity.
"Given the popularity of Android devices, it's a critical vulnerability that needs to be addressed," said Slava Makkaveev, security researcher at Check Point Software Technologies. "Without a strong form of authentication, it is easy for a malicious agent to launch a phishing attack through OTA provisioning (Over The Air). When the user receives an OMA CP message, there is no way to know if it comes from a trusted source. By clicking on "accept", they could very well let an attacker enter their phone. "
Huawei, LG and Sony phones have some form of authentication verification, but hackers only need the recipient's International Mobile Subscriber Identity (IMSI) to "confirm" their identity.
Hackers can get the victim's IMSI in a variety of ways, including creating an unauthorized Android app that reads the phone's IMSI once it's installed. The attacker can also bypass the need for an IMSI by sending the user a text message masquerading as the network operator and asking him to accept an OMA message CP protected by pins. If the user enters the PIN code and accepts the CP OMA message, the CP can be installed without IMSI.
A USERPIN-authenticated CP message as it appears to a Huawei user
Some corrections are available
The researchers disclosed their findings to the relevant vendors in March 2019:
- Samsung has included a fix that resolves this issue in its May security maintenance release (SVE-2019-14073).
- LG released its fix in July (LVE-SMP-190006)
- Huawei plans to include user interface patches for OMA CP in the next generation of Mate or P series smartphones
- Sony has stated that its devices comply with the CP OMA specification.
[ad_2]
Source link