The art of smishing (SMS-Phishing) has been practiced for some time, but a discovery by the wizards at NC State University has uncovered a new vulnerability that could bring the aforesaid act back into the spotlight. Xuxian Jiang’s research team recently identified the hole and confirmed that it impacts Gingerbread, Ice Cream Sandwich and Jelly Bean. Put simply, if an Android user downloads an infected app, the attacking program can “make it appear that the user has received an SMS, or text, message from someone on the phone’s contact list or from trusted banks.” This fake message can solicit personal information, such as passwords for user accounts. The team isn’t going to disclose proof until Google patches it up, but the school has said that Google will be addressing it “in a future Android release.” For now, however, Jiang recommends additional caution when downloading and installing apps from unknown sources, while also suggesting that folks pay close attention to received SMS text messages.
Filed under: Cellphones, Software, Mobile, Google
Android ‘smishing’ vulnerability discovered by NCSU researchers; Google has a fix incoming originally appeared on Engadget on Fri, 02 Nov 2012 14:08:00 EDT. Please see our terms for use of feeds.
Permalink | Email this | Comments