According to a new report Check Point shared with The Hacker News, weakly-authenticated provisioning messages implemented by some device manufacturers-including Samsung, Huawei, LG, and Sony-can allow remote hackers to trick users into updating their device APN settings with malicious attacker-controlled proxy servers. By exploiting the simple authentication measures in the industry-standard Open Mobile Alliance Client Provisioning (OMA-CP) spec, Check Point said, certain mobile handsets from Samsung could be targeted with a legit-looking message that appears to come from one's mobile network - without requiring any authentication at all. As a result, a message recipient (targeted user) can not verify whether the OMA CP message with new settings has been originated from his network operator or an imposter, leaving an opportunity for attackers to exploit this weakness.
The attack described by Check Point isn't automatic, as users have to press a button and accept to install the attacker's new device settings. Check Point said this was because Samsung phones accepted any kind of OMA CP message, with no authentication or verification mechanism in place. Because of this, there can be differences in how these messages are handled, including the user interface, between devices from different manufacturers.
"It takes only a single SMS message to gain full access to your emails", the researchers say.If users accept the CP, the phones settings will be modified. Many legitimate Android apps have permission to read a device's IMSI, so creating a rogue app to collect such numbers would not raise suspicion.
The attacker can also bypass the need for an IMSI by sending the user a text message posing as the network operator and asking them to accept a pin-protected OMA CP message.
Sony Mobile did not return an email sent by ZDNet yesterday seeking additional comments from company regarding the Check Point report.
Through relatively affordable and simple means, attackers can craft OMA-CP extended markup language scripts sent via SMS that, if users accept them, can change settings such as the proxy server address, browser home page and bookmarks as well as email and directory servers for contacts and calenders. The advisory notes that "all devices with all OS versions" are affected. Samsung included a fix addressing this phishing flaw as part of its security maintenance release for May (SVE-2019-14073).
Repo-linked home loan rates can be volatile
No one in India will accept a floating rate on deposits, since what they need is income certainty", Ganapathy added. In the April 2012-June 2013 period, while repo rate came down by 125 bps, banks' deposit rate fell by just 40 bps.
TV star Lakshay join starcast of Karan Johar’s upcoming venture ‘Dostana 2’
Reportedly, Kartik and Janhvi will be seen playing siblings in Dostana 2 and Lakshya will be seen romancing Kartik in the movie. The actor who has his roots in TV, went through a rigorous selection process that included auditions and photoshoots.
Trump's 15% tariffs on $112B in Chinese goods take effect
In response, Canada and the European Union in July announced plans to set up a temporary appeals court to settle trade disputes. That estimate is in the low range because it was based on a duty rate of 10 per cent, before Trump increased it to 15 per cent.
LG released its fix in July (LVE-SMP-190006). Huawei says it's planning to include UI fixes for OMA CP in the next generation of Mate or P series smartphones.
Sony stated that its devices follow the OMA CP specification. OMA is tracking this issue as OPEN-7587. The organization did not immediately respond to a request for comment.
CYBERSECURITY researchers warned today of malicious software in text messages pretending to be from telecom carriers, opening a door for hackers to attack Android smartphones. "Such CP can be installed regardless of the IMSI, provided that the victim accepts the CP and enters the correct PIN". If mobile network features stop working, such as MMS services or mobile data, users can then contact their telcos' support centers and ask operators to re-send the provisioning messages again, knowing they are legitimate.
There are some similarities between this attack and those involving other provisioning protocols for consumer equipment.
This functionality is usually hidden to the end-user and is used by the ISPs to push new configurations to subscriber devices or even to update their firmware.
In terms of the attack's impact, there is a similarity to the Web Proxy Auto-Discovery (WPAD) spoofing attacks. This in turn enables a variety of attacks.