A security flaw in Samsung, LG, Sony, Huawei, and other Android smartphones has already been found that leaves consumers exposed to sophisticated SMS malware attacks, Check Point Research — that the danger intelligence arm of cybersecurity company Check Point Software Technologies Ltd. said on Thursday.
Researchers in the cybersecurity company said individual Samsung telephones would be the most vulnerable to the kind of phishing attack since they don’t have a credibility check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.
“Given the prevalence of Android apparatus, this is a crucial vulnerability that has to be dealt with.
“When the consumer receives an OMA CP message, then they don’t have any way to differentiate whether it’s from a trustworthy source.
The Android telephones utilize OTA provisioning, whereby mobile network operators may deploy network-specific configurations to a different phone connecting their network.
But, researchers in Check Point discovered the business benchmark for OTA provisioning — that the OMA CP, comprises limited authentication procedures and distant agents may exploit this to present as network operators and also deliver bogus OMA CP messages.
The information tricks users into accepting malicious configurations which path their Web traffic through a proxy server owned by the user.
The findings have been revealed to the affected sellers in March; Samsung added a repair addressing this phishing defect in their Safety Maintenance Release for May (SVE-2019-14073), LG introduced their replacement at July (LVE-SMP-190006), and Huawei will include UI repairs for OMA CP from another generation of Mate string or P series mobiles.
But, Sony refused to admit the vulnerability, saying that their apparatus follow the OMA CP specification.