Beware! Billion of Android users can easily be tricked into changing their devices' critical network settings with just an SMS-based phishing attack.
Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data services.
While manually installing it on your device, have you ever noticed what configurations these messages, technically known as OMA CP messages, include?
Well, believe me, most users never bother about it if their mobile Internet services work smoothly.
But you should worry about these settings, as installing untrusted settings can put your data privacy at risk, allowing remote attackers to spy on your data communications, a team of cybersecurity researchers told The Hacker News.
Mobile carriers send OMA CP (Open Mobile Alliance Client Provisioning) messages containing APN settings, and other device configurations that your phone need to set up a connection to the gateway between your carrier's mobile network and the public Internet services.
For APN settings, the configuration includes an optional field to configure HTTP proxy that can route your web traffic through it, but many carriers use transparent proxies that don't even require this field to be set.
Besides proxy settings, OMA CP provisioning messages can also include configurations to change the following settings on the phone over-the-air (OTA):MMS message server,
Proxy address,
Browser homepage and bookmarks,
Mail server,
Directory servers for synchronizing contacts ..
Support the originator by clicking the read the rest link below.
