HomeNewsResearchers uncover SMS-related vulnerability in Android

Researchers uncover SMS-related vulnerability in Android

Security researchers at the NC State University found a loophole in the SMS system of Android.

Despite Google’s efforts to keep Android safe and secure, researchers at NC State University found a new vulnerability that could lead to phishing via SMS. According to Android Authority, Google has acknowledged the flaw, and has assured to address it in future releases of Android.

Google plans to strengthen the security of Android operating system with the upcoming Android Jelly Bean update. However, the security is limited to applications installed outside Play Store to keep the system secure.
Researchers uncover SMS-related vulnerability in Android
Security researcher Xuxian Jiang’s team at NC State University discovered the SMS-phishing, which has been termed SMSishing (SMS Fishing). The problem begins when the user downloads an infected app which requests to communicate via SMS. Then the program can make it appear that the user has received an SMS from someone in his list.

Upon thorough testing, security researchers found that the SMS vulnerability exists even in the old Android 1.6 Donut apart from recent versions such as Gingerbread (2.3), Ice Cream Sandwich (4.0) and even Jelly Bean (4.1).

This way the fake message can mislead the user to give away login credentials, password, PIN and other personal information. The researchers informed Android Security Team (AST) about this and the AST verified the vulnerability. Google Android Security Team said the vulnerability will be fixed in future updates.

Apple iOS also faced a nasty SMS vulnerability which was reported recently and it is claimed that the vulnerability existed since the first iPhone shipped back in 2007.

SMS Spoofing and SMSishing are two major attacks that can impact millions of users if not addressed quickly. The security teams at both camps (iOS and Android) are working on solutions to fix this without hampering the device, the dependent apps or the user, in any way.

For the latest tech news and reviews, follow us on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

RELATED STORIES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News