A Single Text Message Could Hack Your Android Phone


By MYBRANDBOOK


A Single Text Message Could Hack Your Android Phone

There is a say, no software or hardware invented so far can’t be hackable. Few days back ,we have heard on the breach with Apple iPhone. When the iOS could hackable then the question of hacking of the android phone is much easier, with a just single text message.

 

With 2.5 billion devices globally using the Android mobile OS, it makes it the world’s most popular operating system, including those made by SamsungVivo and Huawei, which are at the risk of being hacked by text messages. Hence, using of mobile phone is equal dangerous.

 

When you get any text message from an unknown person lands in your mobile phone, it invites dangerous to you and you forget about the telephone calls we are receiving from an unknown person, by saying, from a bank, real estate company or anyone you don’t know, is equally dangerous. While you are attending the calls your contact list can be copied in just few seconds and they can clone your phone no with some other devices. In the coming days using smartphone will invite the vulnerabilities.

 

When a text message that land up in the inbox in your Android phone. A major security vulnerability in the Android operating system has left a billion phones vulnerable to getting hacked, by a plain and simple text message. Check Point Research says. The Threat Intelligence arm of Check Point Software Technologies Ltd. has revealed that there is “a security flaw in Samsung, Huawei, LG, Sony and other Android-based phones that leaves users vulnerable to advanced phishing attacks.

 

The report further says, that the hack works by making use of the over the air (OTA) method that mobile network operators use to update new phones joining their network, also known as an OMA CP message. Researchers say that this method involves limited authentication methods. Therefore, hackers or someone working remotely can exploit this route to pose as a network operator that you have just connected to and send a deceptive OMA CP message to Android phones.

 

One way of taking advantage of this vulnerability is by re-directing all internet traffic from someone’s phone through a proxy server owned by the hacker. This would allow cyber criminals to view a person’s web history and read their emails and the Android phone user would not realize what is happening, and the data in the phone can be accessed by the hacker.

 

There are certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of OMA CP messages. The user only needs to accept the CP and the malicious software will be installed without the sender needing to prove their identity,” says Check Point Research.

 

The research also says that phones made by Huawei, LG, and Sony do have a form of authentication, but hackers only need the International Mobile Subscriber Identity (IMSI) of the recipient’s phone to ‘confirm’ their identity. And it is not difficult for attackers to get their hands on a phone’s IMSI details-this can be done by creating a rogue Android app that reads a phone’s IMSI once it is installed or the attacker can simply bypass the need for an IMSI by sending the user a text message posing as the network operator and asking them to accept a pin-protected OMA CP message. If the user then enters the provided PIN number and accepts the OMA CP message, the CP can be installed without an IMSI.

 

Given the popularity of Android devices, this is a critical vulnerability that must be addressed,” said Slava Makkaveev, Security Researcher at Check Point Software Technologies. Samsung addressed this flaw with their May release, LG addressed it with a fix in July, and Huawei is planning on fixing it in the next generation of its smartphones. Sony claims their devices already follow the OMA CP specification.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org