Advanced SMS Phishing Attacks Targeting Android-Based Smartphones: Check Point

Check Point researchers said certain Samsung phones are the most vulnerable to this form of phishing attack.

Advertisement
By Indo-Asian News Service | Updated: 5 September 2019 18:57 IST
Highlights
  • Check Point said a variety of Android smartphones are affected
  • Certain Samsung phones are said to be most vulnerable
  • Samsung has issued a fix in its May security release
Advanced SMS Phishing Attacks Targeting Android-Based Smartphones: Check Point

A security flaw in Samsung, LG, Sony, Huawei and other Android smartphones has been discovered that leaves users vulnerable to advanced SMS phishing attacks, Check Point Research -- the threat intelligence arm of cybersecurity firm Check Point Software Technologies Ltd. said on Thursday.

Researchers at the cybersecurity firm said certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of Open Mobile Alliance Client Provisioning (OMA CP) messages.

"Given the popularity of Android devices, this is a critical vulnerability that must be addressed. Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air (OTA) provisioning.

"When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking 'accept', they could very well be letting an attacker into their phone," Slava Makkaveev, Security Researcher, Check Point Software Technologies, said in a statement.

Advertisement

The affected Android phones use OTA provisioning, through which cellular network operators can deploy network-specific settings to a new phone joining their network.

However, researchers at Check Point found that the industry standard for OTA provisioning -- the OMA CP, includes limited authentication methods and remote agents can exploit this to pose as network operators and send deceptive OMA CP messages to users.

Advertisement

The message tricks users into accepting malicious settings that route their Internet traffic through a proxy server owned by the hacker.

The findings were disclosed to the affected vendors in March; Samsung included a fix addressing this phishing flaw in their Security Maintenance Release for May (SVE-2019-14073), LG released their fix in July (LVE-SMP-190006), and Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones.

Advertisement

However, Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Samsung, LG, Huawei, Sony, Check Point, SMS, Hack
OnePlus 7 Pro Gets Wide-Angle, Telephoto Video and More Features in Android 10 Open Beta
How Apple Uses Its App Store to Copy the Best Ideas
Advertisement

Related Stories

Google Confirms Android 16 Will Offer Desktop Experience Inspired by Samsung DeX
22 May 2025
Honor 400 Series to Get Six Years of Android Updates, AI Features Powered by Google’s Veo 2
22 May 2025
Android 16 Release: Everything You Can Expect from Google’s Upcoming OS Update
21 May 2025
Google I/O 2025: Google Previews Gemini-Powered Android XR Glasses With Live Language Translation Feature
21 May 2025
Google I/O 2025 Highlights: Google Announces Several New AI Features; Android XR Glasses Unveiled
21 May 2025

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Xiaomi 15s Pro Design, Camera Details Teased Ahead of Launch Today
  2. Sam Altman Reportedly Drops Clues About 'Secret' AI Device With Jony Ive
  3. Vi Rolls Out 'Nonstop Hero' Plan With Truly Unlimited Data and Calls
  4. Samsung Galaxy Watch 8 Classic Renders Tease Squircle Design, New Button
  5. Tecno Pova Curve 5G India Launch Date Announced
  6. Motorola Razr 60 Will Launch in India on This Date
  7. Mistral's Coding Agent Devstral Outperforms OpenAI's GPT-4.1 Mini
#Latest Stories
  1. Motorola Razr 60 Set to Launch in India Next Week; Specifications Revealed
  2. Signal’s New Update Prohibits Microsoft’s AI-Powered Recall Feature From Taking Screenshots
  3. iPhone 7 Plus and iPhone 8 Added to Apple's Vintage and Obsolete Products List
  4. Tecno Pova Curve 5G India Launch Date Confirmed; to Be Available on Flipkart
  5. Vodafone Idea (Vi) Rolls Out ‘Nonstop Hero’ Plan With Truly Unlimited Data, Calls in Kolkata and Other Circles
  6. OpenAI’s Sam Altman Reportedly Hints at New AI Device Being Developed With Jony Ive
  7. Vodafone Idea Updates Family Postpaid Plans to Let Users Add Up to 8 Additional Members
  8. Amazon Begins Testing AI-Powered Audio Product Summaries Feature on Its Platform
  9. Mistral Releases Devstral, an Open-Source Agentic Coding AI Model That Outperforms GPT-4.1 Mini
  10. Sony to Fully Shut Down PlayStation Stars Loyalty Program Next Year
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.