And it is not difficult for attackers to get their hands on a phone’s IMSI details-this can be done by creating a rogue Android app that reads a phone’s IMSI once it is installed or the attacker can simply bypass the need for an IMSI by sending the user a text message posing as the network operator and asking them to accept a pin-protected OMA CP message. The research also says that phones made by Huawei, LG, and Sony do have a form of authentication, but hackers only need the International Mobile Subscriber Identity (IMSI) of the recipient’s phone to ‘confirm’ their identity. The user only needs to accept the CP and the malicious software will be installed without the sender needing to prove their identity,” says Check Point Research. “Researchers determined that certain Samsung phones are the most vulnerable to this form of phishing attack because they do not have an authenticity check for senders of OMA CP messages. The Android phone user would not realize what is happening, and the data in the phone can be accessed by the hacker. The message can then trick users into accepting malicious settings that would start to route the phone’s incoming and outgoing Internet traffic through a proxy server owned by the hacker. Therefore, hackers or someone working remotely can exploit this route to pose as a network operator that you have just connected to and send a deceptive OMA CP message to Android phones. Researchers say that this method involves limited authentication methods. The security firm says that the hack works by making use of the over the air (OTA) method that mobile network operators use to update new phones joining their network, also known as an OMA CP message.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |