North Carolina State University researchers have revealed a vulnerability in Android that allows SMS messages to be sent from one app to another without going over the air, something they say could be used for SMS phishing attacks. The Xuxian Jiang-led team is the same group that gave the world the Android click-jacking rootkit …
Yet another vulnerability on my android phone.
Re: Is this
It certainly is. By the way, your credit card company asked me to tell you to call them, There's been some misuse of your card and it's being blocked. Their number is 089812345678.
ads on TV which are formatted and presented as mini TV programs.
Sure, they are broadcast in commercial breaks, but the principle is the same - "spoofing". Half-way intelligent people can tell the difference in either case and there is no financial cost to the user that I can see if the SMS is not a genuine SMS - it's not as if they had to pay to receive the non-SMS message. If advertisers want to spend their money by buying advertising thinking that they can fool people this way, I say let them.
Nothing to see here, move along.
Does this open the actual SMS app or does it create a new window which looks like an SMS app?
It will look to you and the system like an actual SMS message has come in. For my phone, I get a notification in my status bar and a popup. What happens varies depending on your phone's configuration, but it will for all intents and purposes act just like an SMS message. I learned this myself when I installed an app that had an adware kit. I ran a detector, found the offending app, and removed it.
From the Symantec article
"To send a spoofed SMS message there is no need to send a text message over the air. In fact, a message is never sent or received, instead, the system service in charge of receiving text messages is tricked into thinking a message has arrived—and it will happily store the text message and notify the user of the event. One can specify any arbitrary "from address" for the SMSishing attack and no special permissions are required to insert a spoofed message."
Based on the number of actual SMS messages that I receive with SMSishing attacks in though, it's nothing new.
That reminds me I must find out what's happening about my PPI claim. Funny thing is I don't remember taking it out...
Another android security issue, I'm truly shocked.
Sent from my secure iphone
What, you mean the same one that's pwned first every Pwn2Own?
Nice troll, but we know this sort of story about Android always leaves out or willfully ignores the start of the process, which goes something like "well if you install this app from a dodgy third-party app store (after having agreed you knew you were at your own risk by enabling sideloading and seeing the warning)..."
First owned because it's the one everyone goes after since it's the most cherished prize of them all. So really the only bragging rights you could have is if your phone wasn't owned at all. Can you say that?
Nope! But neither can anyone else, which was my original point. IOS has the user base and monetary motivation to make hackers look for exploits. You just haven't heard about them.
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Analysis Microsoft's licence riddles give Linux and pals a free ride to virtual domination
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16
- Special Report How Britain could have invented the iPhone: And how the Quangocracy cocked it up
- I KNOW how to SAVE Microsoft. Give Windows 8 away for FREE – analyst