As per the reports coming in, Check Point has found vulnerability in android-based smartphones during their research. This included well known brands like Samsung, Huawei, Sony and LG. In this a remote agent can trick users for accepting new phone settings that may route all their traffic through a proxy controlled by the attacker.
A similar kind of event was reported when Android smartphone makers have been misleading users about security patches in the past.
Let’s know a bit about Check Point Research – It is a multinational company which works as a provider of software and combined hardware and software products for IT security including all kind of security management like network security, endpoint security, cloud security, mobile security, data security etc.
It provides leading cyber threat intelligence to its customers and the greater intelligence community.
How Does It Work?
According to research any remote agent can ruse users by sending them an SMS which will have new phone setting and once users accept the request, the attacker will be able to route user’s traffic through its own proxy.
The attacker relies on a process called over-the-air (OTA) update -which is a wireless delivery of new software or data to mobile devices. Typically wireless carriers and original equipment manufacturers (OEMs) use OTA updates to deploy firmware and configure phones for use on their networks.
In simple words it is used by cellular network operators to deploy network-specific settings to a new phone joining their network .But the interesting thing is that anyone can send OTA message.
The OTA provisioning industry standards OMA CP (Open Mobile Alliance Client Provisioning) implements inadequate authentication methods like a recipient cannot verify that the suggested settings are initiated by his network provider or a hoaxer.
Which Brands Are Affected?
The outcome from this research is shocking as majority of affected brands are doing very well in this industry. According to market share data from 2018 , around 50% of all the android phones allowed user to receive malicious settings through these inefficient authenticated provisioning messages.
Smartphone brands like Samsung, Huawei, LG and Sony are at the top of this list.
Samsung smartphones are heading the list as they are allowing unauthenticated OMA CP messages.
Smartphone Brands Response to this Finding
Check Point Researchers discussed their findings to the affected vendors in March.
In response to this, Samsung added a fix for this phishing flaw in their Security Maintenance Release for May (SVE-2019-14073).
While Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones.
LG has up front released their fix in July (LVE-SMP-190006).
On the contrary, Sony has refused to acknowledge the vulnerability, saying that their devices follow the OMA CP specification. While OMA is tracking this issue as OPEN-7587.
The Security Researcher at Check Point Software Technologies, Slava Makkaveev said “Given the popularity of Android devices, this is a critical vulnerability that must be addressed,”.
He also added “Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air provisioning. When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source. By clicking ‘accept’, they could very well be letting an attacker into their phone.”
Comments are closed, but trackbacks and pingbacks are open.