Avast Blog_Security News: Critical flaw found in many Android smartphones

[harlan4096]

Android phones made by Samsung, Huawei, LG, and Sony have been found to have a major vulnerability.

Cybersecurity researchers have identified a critical flaw in the Android smartphones built by Samsung, Huawei, LG, and Sony, whereby a bad actor could potentially infiltrate a victim’s phone using a phony provisioning message. Mobile operators send out provisioning messages as SMS texts when they make internal changes to their systems, and the messages request user approval to change the device’s network settings. The vulnerability was disclosed to the smartphone makers in March this year. Forbes reported estimates that as many as 1.25 billion Android users could be at risk.

In addition to network providers, large enterprises also make use of the provisioning message protocol, for instance to configure employee devices with the company’s email server. ZD Net reported that the researchers were able to send phony provisioning messages to smartphones made by the four developers mentioned above, and all were received without issue.

This means that bad actors could also take advantage of sending provisioning messages to users, tricking them into modifying their devices to reroute email or web traffic through a malicious server. Because this is a new attack vector, users will most likely trust these fraudulent yet official-looking texts at first. If they don’t suspect anything is wrong, they will automatically grant the permission, essentially putting their most sensitive information in the criminals’ hands.

“All software is bound to have vulnerabilities, and this is no exception,” Avast Security Evangelist Luis Corrons reminds us. “What really makes a difference is the diligence these companies take to fix the problem and protect their users. I strongly recommend we put our trust in brands that take security seriously and are able to react quickly with a solution.”
...

Continue Reading