Android devices at risk of attack
Researchers have uncovered vulnerabilities to SMS-based attacks in Android phones.
Context Information Security found a bug in older models of Samsung Galaxy devices, which can be triggered remotely and leave them open to ransomware attacks.
The Samsung Mobile Security Team was alerted and subsequently released a security update. However, the researchers have suggested that similar vulnerabilities are likely to exist in other Android devices.
“Modern mobile devices are generally difficult for attackers to exploit due to increasing protection offered by the operating systems, but all phones still rely on old, complex technologies for basic functionality that are often poorly understood and documented, leaving room for bugs and ambiguities to exist,” said Neil Biggs, head of research at Context.
“The complexity of exploiting Android devices has escalated to the point where an attacker usually requires a chain of bugs to achieve the desired effect, and just looking at one specific technology we found four separate bugs.”
The vulnerabilities are borne out of WAP Push functionality, which allows content to be pushed to a mobile device with minimal or no user intervention using SMS. WAP, or the Wireless Application Protocol, has been in public operation since 1999 and it is WDP (Wireless Datagram Protocol), part of the WAP suite, which provides the transport layer to move data between two endpoints or specific ports.
“WAP Push can be used to transport data for a multitude of applications, but it was the Open Mobile Alliance Client Provisioning (OMA CP) protocol, that allows remote device provisioning and configuration, which was the one that caught our eye and led to the discovering of the vulnerabilities,” said Tom Court, a senior researcher at Context.
GenAI 'grey bots' scraping data from websites
Research from Barracuda has highlighted the issue of morally and legally ambiguous 'grey...
Tanium partners with DXC on endpoint management
Tanium has secured a partnership agreement with DXC that will leverage the company's...
Surge in GenAI data uploads increasing unintentional cyber risk: report
Without proper data security controls, GenAI can turn employees into unintentional...