Android Smishing Vulnerability

Tuesday, November 6, 2012 @ 09:11 PM gHale


There is a smishing vulnerability that affects all versions of Android, including Jelly Bean, Ice Cream Sandwich, Froyo and Gingerbread.

Smishing attacks are actually phishing attacks that rely on SMS messages. They’re often utilized by cybercriminals to steal information from unsuspecting mobile phone users.

RELATED STORIES
Windows Update a Phish Tale
Cloud Ripe for Botnet Attacks
Cloud Confusion: Data Ownership
VMware Cloud Security Issue

An attacker can leverage the security hole via an application to create fake arbitrary SMS messages, said Xuxian Jiang, an associate professor at North Carolina State University’s Department of Computer Science.

“One serious aspect of the vulnerability is that it does not require the (exploiting) app to request any permission to launch the attack (In other words, this can be characterized as a WRITE_SMS capability leak.),” Jiang said.

Google is aware of the vulnerability. The company promised to address the issue in a future Android release.

In the meantime, experts advise users to be cautious when installing apps, especially ones from unknown sources.

Also, Android customers should carefully analyze suspicious SMS messages to avoid falling victims to phishing attacks.



Leave a Reply

You must be logged in to post a comment.