Feeds

back to article Android adware capability a vulnerability, claim boffins

North Carolina State University researchers have revealed a vulnerability in Android that allows SMS messages to be sent from one app to another without going over the air, something they say could be used for SMS phishing attacks. The Xuxian Jiang-led team is the same group that gave the world the Android click-jacking rootkit …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Is this

Yet another vulnerability on my android phone.

1
2
Silver badge
Thumb Up

Re: Is this

It certainly is. By the way, your credit card company asked me to tell you to call them, There's been some misuse of your card and it's being blocked. Their number is 089812345678.

3
0
Coat

ads on TV which are formatted and presented as mini TV programs.

Sure, they are broadcast in commercial breaks, but the principle is the same - "spoofing". Half-way intelligent people can tell the difference in either case and there is no financial cost to the user that I can see if the SMS is not a genuine SMS - it's not as if they had to pay to receive the non-SMS message. If advertisers want to spend their money by buying advertising thinking that they can fool people this way, I say let them.

>beep< >beep<

Nothing to see here, move along.

3
1
Silver badge

Does this open the actual SMS app or does it create a new window which looks like an SMS app?

0
0
Silver badge

It will look to you and the system like an actual SMS message has come in. For my phone, I get a notification in my status bar and a popup. What happens varies depending on your phone's configuration, but it will for all intents and purposes act just like an SMS message. I learned this myself when I installed an app that had an adware kit. I ran a detector, found the offending app, and removed it.

0
0
Stop

From the Symantec article

"To send a spoofed SMS message there is no need to send a text message over the air. In fact, a message is never sent or received, instead, the system service in charge of receiving text messages is tricked into thinking a message has arrived—and it will happily store the text message and notify the user of the event. One can specify any arbitrary "from address" for the SMSishing attack and no special permissions are required to insert a spoofed message."

Based on the number of actual SMS messages that I receive with SMSishing attacks in though, it's nothing new.

That reminds me I must find out what's happening about my PPI claim. Funny thing is I don't remember taking it out...

0
0
Trollface

Another android security issue, I'm truly shocked.

Sent from my secure iphone

0
2
Trollface

What, you mean the same one that's pwned first every Pwn2Own?

Nice troll, but we know this sort of story about Android always leaves out or willfully ignores the start of the process, which goes something like "well if you install this app from a dodgy third-party app store (after having agreed you knew you were at your own risk by enabling sideloading and seeing the warning)..."

0
1
Trollface

First owned because it's the one everyone goes after since it's the most cherished prize of them all. So really the only bragging rights you could have is if your phone wasn't owned at all. Can you say that?

0
0
Devil

Nope! But neither can anyone else, which was my original point. IOS has the user base and monetary motivation to make hackers look for exploits. You just haven't heard about them.

0
0
This topic is closed for new posts.