04 September 19, 19:14
Quote:Over half of all Android handsets are susceptible to a clever over-the-air SMS phishing attack that could allow an adversary to route all internet traffic through a rogue proxy, as well as hijack features such as a handset’s homepage, mail server and directory servers for synchronizing contacts and calendars.
Researchers at Check Point said Samsung, Huawei, LG and Sony handsets are “susceptible” to the phishing ploy.
“In these attacks, a remote agent can trick users into accepting new phone settings that, for example, route all their internet traffic through a proxy controlled by the attacker,” Check Point researchers Artyom Skrobov and Slava Makkaveev wrote in a blog post outlining their research on Wednesday.
Check Point said the attack vector was reported to handset makers in March and so far Samsung and LG have released fixes to address what researchers are calling a “phishing flow.” Huawei told Check Point its next-generation of handsets (Mate series or P series) will be updated to mitigate against such an attack.
“Sony refused to acknowledge the vulnerability, stating that their devices follow the [Open Mobile Alliance Client Provisioning] OMA CP specification,” wrote researchers.
Read more here: https://threatpost.com/half-of-android-h...ck/147988/