Researchers discovered a complicated SMS phishing attack on a number of the targeted Android phone’s that enables an overseas attacker to trick victims in accepting the new settings and control the many browser home page and email server over the air.
Both Android Version smartphone models are vulnerable for this Attack (SMS phishing attack) its include many Smartphone Samsung, Huawei, LG, and Sony.
Basically, the network operators employing a process called “over-the-air (OTA) provisioning” also called as ” Open Mobile Alliance Client Provisioning (OMA CP) ” to deploy the network-specific settings when new phone joining their network.
Attackers perform this advanced SMS phishing attack by abuse OTA settings to send malicious settings with weak authentication messages.
There are several smartphones manufactured by Samsung, Huawei, LG and Sony which is sort of 50 you look after Android phones round the world let attackers change the malicious setting to spy the communication remotely.
Unfortunately, the recipient cannot verify whether the newly suggested settings comes from the initial network operator or attacker thanks to the limited authentication.
Attack Flow over the Air
Attack must have $10 worth USB dongle which might be wont to send binary SMS messages together with an easy script to compose and send the OMA CP message to the victim mobile.
This process may be performed by anyone who has incorporates a cheap USB modem to trick the victims and install malicious settings and redirect all their traffic through the attacker-controlled proxy.
According to the checkpoint Report, OMA CP allows changing the subsequent settings over-the-air:
- MMS message server.
- Proxy address.
- Browser homepage and bookmarks.
- Mail server.
- Directory servers for synchronizing contacts and calendar.
Top researchers test this attack used a many Android Samsung smartphone by send a undetectable (OMA)CP message mean while, they noticed that there's authenticity check when victims receive the CP messages and just accept the CP message is enough to put in the malicious settings.
An unauthenticated CP message because it appears to a Samsung user (Credits: checkpoint)
Also if the attacker wants to perform this attack on Huawei, LG or Sony phones, it requires to get the International Mobile Subscriber Identity (IMSI) numbers and it may be obtained via an Android application having READ_PHONE_STATE permission.
For those potential victims who were unable to obtain an IMSI, the attacker could send two messages to each victim. the primary may be a text message that purports to be from the victim’s network operator, asking him to just accept a PIN-protected OMA CP, and specifying the PIN as an arbitrary four-digit number Checkpoint researchers said.
Once it’s done, the attacker sends him an OMA CP message authenticated with the identical PIN. Such CP is installed irrespective of the IMSI, only if the victim accepts the CP and enters the proper PIN.
By successfully install the malicious settings through one SMS phishing attack, attackers gain full access to the emails from built-in email client in Android phones and web browsers home page.
Researcher can successfully testing this attacked this phones Huawei P10, LG G6, Sony Xperia XZ Premium, and a many variety of Samsung Galaxy phones, including S9.
Checkpoint found this flaw in March and reported to the particular vendors to use the fixed to stop the users from this advanced phishing attack.
Get More Information For Phishing Attack
1 Comments
nice it helping article
ReplyDelete