New Phishing Vulnerability Discovered In All Versions Of Android [Updates]


A new phishing technique utilizing SMS messages has just been discovered in the Android Open Source Project. The vulnerability affects every version of Android from Donut (1.6) up to the former iteration of Jelly Bean (4.1), including Éclair (2.1), Froyo (2.2), Gingerbread (2.3) and Ice Cream Sandwich (4.0).

SMS phishing, also known as SMiShing, is a social engineering technique whereby a fake SMS sends you to a malicious website, or prompts you to download a malicious app onto your phone. The new vulnerability was discovered by a team of researchers in the Department of Computer Science at North Carolina State University, who were able to create an app that sends fake text messages. These can easily be made to look as if they were received from someone on your contact list.

Google has been notified of the issue, and according to the research team “The vulnerability is now confirmed and we [were] told that a change will be included in a future Android release. We are not aware of any active exploitation of this issue.” As mentioned above, the problem is confirmed to affect almost every version of Android, and exists on popular devices such as the Samsung Galaxy S3, the HTC One X, the Galaxy Nexus, the Nexus S and others.

According to Google, the exploit will be fixed with the next version of Android, but what can you do until then? As usual, don’t click on suspicious links or download apps from unknown sources, and be especially aware of the fact that text messages can appear to come from known sources but still be malicious. Does a text message include a link you’re not sure about? Don’t click it, even if your mother, your wife or your bank sent it.

Did you ever fall victim to a SMiShing attack?

Source: The Next Web

Comments (29)
  • Mary Lee. Valenti

    What I want to know is how to get rid of SMS spam. I rarely give my cell phone number out, but as soon as I got my Samsung SIII, I started getting it.

  • Márcio Guerra

    Nice to know, although I don’t usually open links through sms services…

    Cheers

    Márcio Guerra

  • SmarterThanYou

    I solved the problem. I use iOS 6.1
    HA! Now quit trolling websites bashing iphones in favor of androids. As if google (or apple) care two cents about your fanaticism.

  • Patrick Jackson

    Yes, the only thing that this explains is that the people that use smartphones should be ‘smart’ enough themselves ( ! :) ), as it is us who operate it, and AI is not present in phones yet!

  • Daniel Escasa

    One thing phishers can’t imitate is the texting “style” of those on your contact list. E.g., one of my friends just hates sending text messages — he would much rather call — and anything longer than two words is suspect. Heck, anything longer than three characters is suspect. Another one is as fastidious about her spelling as I am, a third is completely careless, a fourth invents his own words and abbreviations. I think that about covers the texting styles of my friends. Point is, if I receive a text message that’s out of character, I don’t click on any links they may send. And even if I do, I’m not about to enter any sensitive information on the page I land on.

    • Yaara Lancet

      That’s a very good point. I use this myself, and it’s saved me from clicking malicious links when my friend managed to get her MSN account hacked. No matter how “real” they tried to make it look, it was really obvious it wasn’t her writing!

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.