Android devices at risk of attack
Researchers have uncovered vulnerabilities to SMS-based attacks in Android phones.
Context Information Security found a bug in older models of Samsung Galaxy devices, which can be triggered remotely and leave them open to ransomware attacks.
The Samsung Mobile Security Team was alerted and subsequently released a security update. However, the researchers have suggested that similar vulnerabilities are likely to exist in other Android devices.
“Modern mobile devices are generally difficult for attackers to exploit due to increasing protection offered by the operating systems, but all phones still rely on old, complex technologies for basic functionality that are often poorly understood and documented, leaving room for bugs and ambiguities to exist,” said Neil Biggs, head of research at Context.
“The complexity of exploiting Android devices has escalated to the point where an attacker usually requires a chain of bugs to achieve the desired effect, and just looking at one specific technology we found four separate bugs.”
The vulnerabilities are borne out of WAP Push functionality, which allows content to be pushed to a mobile device with minimal or no user intervention using SMS. WAP, or the Wireless Application Protocol, has been in public operation since 1999 and it is WDP (Wireless Datagram Protocol), part of the WAP suite, which provides the transport layer to move data between two endpoints or specific ports.
“WAP Push can be used to transport data for a multitude of applications, but it was the Open Mobile Alliance Client Provisioning (OMA CP) protocol, that allows remote device provisioning and configuration, which was the one that caught our eye and led to the discovering of the vulnerabilities,” said Tom Court, a senior researcher at Context.
Red Hat, IBM launch open source threat remediation tool
IBM and Red Hat have jointly launched an AI-powered solution for automating the...
Cloudflare launches superior CAPTCHA alternative
Cloudflare has launched into general availability a solution capable of continuously monitoring...
APAC workers in need of phishing training: report
A report from workforce security company KnowBe4 indicates that 1 in 3 Australian employees is...
