SMS flaw: Samsung, Huawei, LG and Sony smartphones at risk

Check Point researchers have discovered a security flaw that affects Android smartphones and makes them vulnerable to hackers. How to defend yourself

Researchers from Check Point, an Israeli company expert in cybersecurity, have discovered a vulnerability that affects Android smartphones from the most popular manufacturers: Samsung, Huawei, LG and Sony. It is a cybersecurity flaw that affects the "over-the-air provisioning" system, which is the one used by network operators to remotely set some network specifications of a smartphone that joins their network.

Hackers can exploit this flaw, masquerading as phone operators and infect users' smartphones via a simple SMS message that installs malware or a virus. This way, hackers take control of the device and can remotely use the smartphone for their illicit activities. But that's not all. They can also hijack internet traffic and steal the user's personal data. To be able to defend yourself from this particular type of hacker attack, you need to install a security solution that is able to recognize phishing and all its derivatives.

Smartphone manufacturers have taken the field and released security patches that are able to block hacker attacks through OTA provisioning: Samsung devices have been protected since last March, while LG released security patches in July. Security patches for Huawei devices will also arrive in the coming months.

How the SMS phishing attack works

This is a fairly advanced hacker attack that is difficult to counter. The hackers exploit a flaw present in the security of "over-the-air provisioning," the system used by phone operators to remotely set certain network specifications when a smartphone first joins their infrastructure. Check Point researchers have discovered that OTA provisioning uses a standard, Open Mobile Alliance Client Provisioning (OMA CP), that leverages unsecured authentication systems to work.

Hackers can exploit flaws in OMA CP to masquerade as telecom operators, send messages to users inviting them to accept network changes to make their smartphones work better, and gain undisturbed access to and ownership of the device. In this way, hackers can install viruses or use the smartphone for illicit purposes.

Check Point researchers have determined that the smartphones most vulnerable to OMA CP messages are those from Samsung, because they do not have a sender authenticity check. The South Korean company, however, has already taken the field and released a security patch in March that fixes the flaw. Devices from Huawei, Sony and LG use a more advanced, but equally hackable, authentication system: hackers only need to obtain the International Mobile Subscriber Identity (IMSI) code to gain undisturbed access to the smartphone. To obtain the IMSI, all you have to do is install a malicious app on the device or convince the user to share it through an email phising.

How to defend against the phising attack

Check Point has warned smartphone manufacturers who have taken steps to fix the flaw. As mentioned, Samsung released a security patch in March, while LG did so in July, while Huawei will implement the fix on upcoming Mate and P-series devices. Sony, on the other hand, has not acknowledged the vulnerability.

One way to defend against the SMS phishing attack is to install a security solution that can protect your smartphone from malicious OMA CP messages. On the Google Play Store there are many Android antiviruses available, including free ones.