1.23 Billion Android Users at Risk

September 5, 2019 admin 0 Comments

Researchers from Check Point, an Israeli security company disclosed on August 7 that WhatsApp can be convinced into changing the text of a message and also the identity of the sender. Earlier this month, Check Point Research (the threat intelligence branch of Check Point) revealed that a critical vulnerability in Android phones make them easy to be targeted, which can expose all the email of a user.

The vulnerability can be attacked simply by a SMS, leaving private emails of the users utterly at risk. It has also been established by Check Point Research that the most vulnerable Android phones are manufactured by Huawei, LG, Sony and Samsung. Over 50% of the Android phones in the world are built by these companies.

“According to the stats of 2019, there are a total of three billion smartphone users in the world with Android having a market share of 76% in the market. In other words, 1.25 billion Android users are at risk of being attacked by hackers.”

How is Android at risk

Android phones are at risk because of the over-the-air (OTA) provisioning messages. When you join a new new mobile network provider, you are asked by the smartphone to update your settings to work smoothly with the network provider. This OTA provisioning method is also used by organizations while configuring the devices of employees to work efficiently with the email servers of company.

Stuart Peck, who is the director of cybersecurity strategy at ZeroDayLab also raised the same concerns. Mr. Peck said, “It’s pretty serious as it would give an attacker a lot of options to control or maliciously manipulate the targeted device, especially on Android devices where there is no verification required from the sender”.

The industry standard for this provisioning is Open Mobile Alliance Client Provisioning (OMA CP). It was last updated in 2009 and only has a limited number of basic authentication methods that validate the sender of these OTA provisioning messages.

The researchers at Check Point found out that a hacker/attacker can pose themselves as network operator to send messages to users and exploit them into accepting network settings – which will expose their emails. Just a simple SMS message and click is all it takes for an attacker to read all emails of an Android user, the researchers mentioned.

How crucial is the risk?

The co-founder of Human Firewall, Ed Tucker said that although this is not a relatively new threat in the digital world but the potential scale of it is massive, which leaves millions of people at absolute risk. He also mentioned that one of the factors why it is critical is that people tend to fall for SMS-based phishing, believing the SMS is actually from their network provider.

He said, “how many users will even stop and think, let alone recognize the potential risk involved in blindly accepting the authenticity of the message”. While email phishing does not really have much impact because of awareness among people, SMS phishing is a new topic.If an individual’s emails are seen by an intruder or hacker, they can most probably get access to their bank details and other accounts.

Stuart Peck, who is the director of cybersecurity strategy at ZeroDayLab also raised the same concerns. Mr. Peck said, “It’s pretty serious as it would give an attacker a lot of options to control or maliciously manipulate the targeted device, especially on Android devices where there is no verification required from the sender”.

Android smartphones with higher vulnerability factor

Researchers found out that Samsung smartphones are the most vulnerable among all Android phones. The reason being, Samsung does not perform any sort of authenticity checks to verify if the sender of these provisioning messages is a poser or real. This is an unfortunate news, given the fact that Samsung is the biggest contender in the Android smartphone market.

Once a user accepts the message, the sender can simply reroute the internet traffic of the smartphone and intercept it as he/she pleases. On the other hand, LG, Sony and Huawei do require authentication of the sender. They user International Mobil Subscriber Identity (IMSI) to do but even this method has it flaws. IMSI can be easily obtained by using several applications.

How can Android users mitigate the risk?

Although there is no doubt that the vulnerability risk exists but it does not automatically mean that you will be targeted or exploited. All of these findings were disclosed to the mobile companies in March of 2019 and as a result, they are takings steps to eradicate risks. A fix for SMS phishing has been addressed by Samsung for its Security Maintenance Release in May, and LG has released their fix in July, Huawei will be include UI fixes in the next generation Mate-series or P-series phones.

In regard to this, Tucker said, “The real drive needs to be with the device manufacturers to mitigate such weaknesses and push users to update as quickly as possible”. And last but not the least, users should also try to remain more cautious, read the SMS messages properly and not respond before getting in touch with the network provider.