Researchers have uncovered a new kind of “advanced” phishing attack specifically targeting Android users. The spoofing attack tricks users into installing malicious settings on their devices, disguised as innocuous network configuration updates.
Any phone running Android can be targeted, but cybersecurity firm Check Point Research has found the attacks to be most successful on modern phones including the Huawei P10, LG G6, Sony Xperia XZ Premium, and Samsung Galaxy S9. The ploy abuses over-the-air (OTA) provisioning, a technique telecom operators use to deploy carrier-specific settings on new devices. Using crafted bogus SMS messages, an attacker can intercept email or web traffic to and from Android phones: users are tricked into accepting new phone settings that route their internet traffic through a proxy controlled by the attacker, who can then steal their emails.
This vulnerability can be exploited as long as the phones are connected to their carrier networks. All the cybercriminal needs is a GSM modem to dispatch a rogue provisioning message to the susceptible phones, after getting hold of their international mobile subscriber identity (IMSI). The message follows a format that is weakly authenticated, making it harder for a recipient to verify whether the settings originated from their carrier or from a fraudster.
After Check Point Research disclosed its finding, companies have either issued patches or are planning to fix the vulnerability in upcoming releases. The threat serves as a reminder that phishing attacks are not limited to email, as attackers branch out to SMS messages and internet settings. There is no easy way for users to determine the authenticity of these messages other than continuing to stay vigilant about installing anything untrusted on their devices, especially when it is delivered via text message.