A simple Android flaw left a billion phones open to phishing attacks

As per Wikipedia, phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

A security flaw in the way most leading Android-based phones communicate with the network is putting users at risk of advanced phishing attacks, security researchers have warned.

The flaw potentially exposes an estimated 2.5 billion monthly active users of Android phones to phishing attacks. Although some top suppliers have recently issued fixes, not all Android users are covered, so many could still be at risk.

The affected Android phones use over-the-air (OTA) provisioning, which allows mobile network operators to deploy network-specific settings to a new phone joining their network. Check Point researchers have found, however, that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes limited authentication methods.

This can be exploited to custom-engineer SMS text messages, enabling attackers to pose as network operators and send deceptive OMA CP messages to users.

The message looks like an update and is designed to trick users into accepting malicious settings that can, for example, route all their internet traffic through a proxy server owned by the hacker.

It takes only a single SMS message to gain full access to a device’s emails, and users cannot verify whether the rogue SMS and suggested updates originate from their network carrier or from an attacker.

The researchers also found that anyone connected to a cellular network can be targeted by these attacks, not only users connected to a Wi-Fi network.


These Android phishing attacks were first identified by researchers at Check Point. The researchers disclosed their findings to the affected Android phone suppliers in March 2019, and several Android phone suppliers have since responded.

Samsung included a fix in its May Security Maintenance Release (SVE-2019-14073), LG released a fix in July (LVE-SMP-190006) and Huawei is planning to include fixes for OMA CP in the next generation of Mate-series or P-series smartphones. Sony stated that its devices follow the OMA CP specification.




Copyright © 2020 Intellope, s.r.o. | All rights reserved.

