Critical flaw found in many Android smartphones

 Major vulnerabilities have been found in many companies such as Android phones made by Samsung, Huawei, LG.

Cybersecurity researchers have identified a critical flaw in the Android smartphones built by Samsung, Huawei, LG, and Sony, whereby a bad actor could potentially infiltrate a victim’s phone using a phony provisioning message. Mobile operators send out provisioning messages as SMS texts when they make internal changes to their systems, and the messages request user approval to change the device’s network settings. The vulnerability was disclosed to the smartphone makers in March this year. Forbes reported estimates that as many as 1.25 billion Android users could be at risk. 


In addition to network providers, large enterprises also make use of the provisioning message protocol, for instance to configure employee devices with the company’s email server. ZD Net reported that the researchers were able to send phony provisioning messages to smartphones made by the four developers mentioned above, and all were received without issue. 

This means that bad actors could also take advantage of sending provisioning messages to users, tricking them into modifying their devices to reroute email or web traffic through a malicious server. Because this is a new attack vector, users will most likely trust these fraudulent yet official-looking texts at first. If they don’t suspect anything is wrong, they will automatically grant the permission, essentially putting their most sensitive information in the criminals’ hands. 

“All software is bound to have vulnerabilities, and this is no exception,” Avast Security Evangelist Luis Corrons reminds us. “What really makes a difference is the diligence these companies take to fix the problem and protect their users. I strongly recommend we put our trust in brands that take security seriously and are able to react quickly with a solution.”

Samsung, Huawei, and LG have already issued patches for the flaw while Sony has not.  Here’s what each company has done: 

Samsung included a fix in its Security Maintenance Release for May

LG sent out a fix in their July Security Bulletin

Huawei plans to include the fix in its next generation of Mate series and P series mobile phones

Sony Mobile has not issued a fix and so far has refused to acknowledge the vulnerability, according to ZD Net.

- by AVAST

Comments

Post a Comment

Popular posts from this blog

DATA LEAKAGE IN CLOUD

Image
  Data leakage is a complex challenge for companies today. Being able to work remotely and share files is essential for the day-to-day functions of many organisations. Cloud computing has many benefits for your organisation and allows for diversity in collaboration methods including the ease in which files are shared. However, with the increase in cloud computing also comes an increased risk for your organisation . Read more about  ways to reduce risk  when migrating to the cloud .  The largest and most critical threat cloud computing poses for  today, is the loss of sensitive and personal data and information - both deliberately and inadvertently. And, remember, cloud data breaches are on the rise because many organisations don’t leverage best practices. Don’t let this happen to your organisation - be proactive and prevent them in the first instance! Why does this happen? Cloud computing can make life easier and organisations more agile. However, they can also pose a major proble
Read more

Online dating in 2021: cyber safety precautions for women

Image
 Online dating has become a common phenomenon, with many apps and their ever-increasing user base. This new trend may turn out to be unsafe for various users. The solution is not to completely stop using them, but to ensure that you use them safely. It is not a hidden fact that men and women experience cyber crime differently. More so, women are more likely to face cyber stalking and online harassment than men. This article suggests a list of cyber safety practices for women that you must follow. From what we have seen in the cases we receive, the reasons for women being the primary victims can be: Lack of awareness of using dating platforms. Negligible interest in knowing about security measures. Perpetrators may find it easy to blackmail a victim for being present on online dating sites due to cultural stigma. Lack of familiarity with technological advancements. After taking a detailed look at the available cases, I have prepared the following guide. You can adopt the following secur
Read more

The Growing Need for a New Security Platform

Image
 The Growing Need for a New Security Platform The idea of a security platform is not new. Neither are the issues related to security and vendor sprawl inside  he an organization. The original idea behind the Next-Gen Firewall was to blend several products into a single platform to reduce IT overhead and simplify wiring closets that had been overrun with security devices. And it worked. NGFW solutions quickly became the cornerstone for security implementations in virtually every organization in the world. There were still challenges, however. Interoperability was one. For many of these solutions, the various technologies — usually some combination of a firewall, IPS, VPN, web filtering, AV, and sandbox solution —didn’t really work together as a single seamless solution. Many components used different operating systems and even had separate management consoles. Another issue was the quality of the solutions embedded in the platform. A security vendor that built an NGFW platform may have
Read more