New Phishing Exploit Leaves Android Phones Vulnerable

Brad Slavin CEO
Updated April 17, 2026

Got an Android Phone? You’re going to love this. Attackers can now take control of your phone over-the-air.

From Check Point Research, “Check Point Researchers have identified a susceptibility to advanced phishing attacks in certain modern Android-based phones, including models by Samsung, Huawei, LG and Sony. In these attacks, a remote agent can trick users into accepting new phone settings that, for example, route all their Internet traffic through a proxy controlled by the attacker. This attack vector relies on a process called over-the-air (OTA) provisioning, which is normally used by cellular network operators to deploy network-specific settings to a new phone joining their network. However, as we show, anyone can send OTA provisioning messages.”

“While OTA provisioning has been used in the past to set up wireless access point proxies to hijack traffic, this is the first time that an attack has been shown to hijack email on mobile phones,” says Slava Makaveev, a security researcher with Check Point. “The ability to configure email and directory servers is a vendor-specific extension for the protocol,” he says. “The email server provisioning is a design weakness.”

How bad is this problem? “More than half of the Android mobile phones in use are susceptible to an advanced text-based phishing attack that only requires a cybercriminal make a $10 investment.” Ten bucks!

The bottom line is you cannot trust any text message that includes a link or requires you to enter a PIN, especially if the text message is unsolicited. That is true even if the message appears to come from your carrier.

Most email-based phishing attacks can be stopped with an anti-phishing solution like the one from Phish Protection. Others, like OTA provisioning attacks against Android phones, require you to be on top of your game. Stay on top of your game.

Brad Slavin
Founder and CEO of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.
