Researchers warn of 'phishing' texts attacking smartphones

Security researchers say malicious software hiding in text messages can allow attackers to take over smartphones
Security researchers say malicious software hiding in text messages can allow attackers to take over smartphones

Cybersecurity researchers warned Wednesday of malicious software in text messages pretending to be from telecom carriers, opening a door for hackers to attack Android smartphones.

A report released by Check Point described a "new class of phishing attacks" that, when successful, can let hackers steal emails from Android smartphones made by Huawei, LG, Samsung and Sony.

The attack hinges on text messages made to appear as though they are coming from trusted telecom carriers requesting to update network settings, according to Check Point.

Allowing the "over-the-air provisioning" on a will give the attacker access to emails, the report indicated.

"When you first join a new carrier network, you'll get a warm welcome message from your —do not trust it," said Check Point security researcher Slava Makkaveev.

"Simply, we can't trust those texts anymore."

The attack can be executed at large-scale without any special gear, just a USB dongle that can be bought for $10 or so, according to Check Point.

Researchers said they tested the attack on an array of smartphones and notified respective device-makers of their findings early this year.

Samsung and LG fixed the vulnerability in security software updates, and Huawei planned to do the same in its next generation of Mate and P series smartphones, the researchers said.

"Although patches are in motion with named Android vendors, messages from trusted mobile carriers are, in fact, not to be trusted," the security firm contended.

The report comes days after Google researchers reported on a hacking operation that allowed attackers to plant malicious software on iPhone over a period of at least two years.

Researchers have also expressed concern about "SIM swap" fraud that enables an attacker to take over a phone number, and potentially other accounts, a trick used in the brief takeover of the Twitter account of the platform's chief executive Jack Dorsey.

© 2019 AFP

Citation: Researchers warn of 'phishing' texts attacking smartphones (2019, September 4) retrieved 13 July 2024 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Twitter CEO hack highlights dangers of 'SIM swap' fraud


Feedback to editors