Millions of Android phones vulnerable to phishing attacks | SC Media


More than half of the Android mobile phones in use are susceptible to an advanced text-based phishing attack that requires only that a cybercriminal make a $10 investment.


Check Point researchers found malicious actors using a remote agent to trick phone owners into accepting new phone settings that hand over various levels of control to the attacker. The attack vector is a process called over-the-air (OTA) provisioning, which carriers use to deploy network-specific settings to new phones coming onto their network.


One issue is that anyone can send such an OTA provisioning message using the industry-standard Open Mobile Alliance Client Provisioning (OMA CP) protocol. The second is that phones from top vendors (Samsung, LG, Huawei and Sony) are equipped with limited authentication methods, making it impossible for the recipient of a phishing message to authenticate the sender.


Equipping yourself to send an OMA CP message requires a $10 USB dongle or a phone operating in modem mode. This is used to send a binary SMS message containing homegrown or even off-the-shelf software. Samsung phones are particularly defenseless against this attack by allowing unauthenticated ..
