Is this
Yet another vulnerability on my android phone.
North Carolina State University researchers have revealed a vulnerability in Android that allows SMS messages to be sent from one app to another without going over the air, something they say could be used for SMS phishing attacks. The Xuxian Jiang-led team is the same group that gave the world the Android click-jacking …
ads on TV which are formatted and presented as mini TV programs.
Sure, they are broadcast in commercial breaks, but the principle is the same - "spoofing". Half-way intelligent people can tell the difference in either case and there is no financial cost to the user that I can see if the SMS is not a genuine SMS - it's not as if they had to pay to receive the non-SMS message. If advertisers want to spend their money by buying advertising thinking that they can fool people this way, I say let them.
>beep< >beep<
Nothing to see here, move along.
It will look to you and the system like an actual SMS message has come in. For my phone, I get a notification in my status bar and a popup. What happens varies depending on your phone's configuration, but it will for all intents and purposes act just like an SMS message. I learned this myself when I installed an app that had an adware kit. I ran a detector, found the offending app, and removed it.
From the Symantec article
"To send a spoofed SMS message there is no need to send a text message over the air. In fact, a message is never sent or received, instead, the system service in charge of receiving text messages is tricked into thinking a message has arrived—and it will happily store the text message and notify the user of the event. One can specify any arbitrary "from address" for the SMSishing attack and no special permissions are required to insert a spoofed message."
Based on the number of actual SMS messages that I receive with SMSishing attacks in though, it's nothing new.
That reminds me I must find out what's happening about my PPI claim. Funny thing is I don't remember taking it out...
What, you mean the same one that's pwned first every Pwn2Own?
Nice troll, but we know this sort of story about Android always leaves out or willfully ignores the start of the process, which goes something like "well if you install this app from a dodgy third-party app store (after having agreed you knew you were at your own risk by enabling sideloading and seeing the warning)..."