Android phones made by Samsung, Huawei, LG, and Sony have been found to have a major vulnerability.
Cybersecurity researchers have identified a critical flaw in the Android smartphones built by Samsung, Huawei, LG, and Sony, whereby a bad actor could potentially infiltrate a victim’s phone using a phony provisioning message. Mobile operators send out provisioning messages as SMS texts when they make internal changes to their systems, and the messages request user approval to change the device’s network settings. The vulnerability was disclosed to the smartphone makers in March this year. Forbes reported estimates that as many as 1.25 billion Android users could be at risk.
In addition to network providers, large enterprises also make use of the provisioning message protocol, for instance to configure employee devices with the company’s email server. ZD Net reported that the researchers were able to send phony provisioning messages to smartphones made by the four developers mentioned above, and all were received without issue.
This means that bad actors could also take advantage of sending provisioning messages to users, tricking them into modifying their devices to reroute email or web traffic through a malicious server. Because this is a new attack vector, users will most likely trust these fraudulent yet official-looking texts at first. If they don’t suspect anything is wrong, they will automatically grant the permission, essentially putting their most sensitive information in the criminals’ hands.
“All software is bound to have vulnerabil ..
Support the originator by clicking the read the rest link below.
