SMS Phishing Exploit Found on Android

There’s a new security vulnerability in the Android world. This one focuses on fake SMS messages that can trick you into sharing information. An associate professor at NC State University, came across this while working on a research project focused on smartphones. Basically, any nefarious application could display  a SMS notification on the device and make it appear to come from a person listed in the device’s contacts. Typically, these phishing attempts are aimed at getting unsuspecting users to a fake website where they would enter personal information. What’s worrisome about this particular attack is that the SMS message would appear to be from a known source, making it all the more likely that you will follow the link or attempt to assist in some way.

Google has been made aware of the issue and they have confirmed its existence, and a fix will be issued for this in a future release of Android. And this is where I get a little worried. “A future Android release”? The actual number of devices that get upgrades is pretty small, and considering that this vulnerability dates back to Android 1.6 (Donut), that’s a large number of people left out in the cold. Google should be looking at releasing a patch or hotfix that can be applied to all devices, regardless of them being updated to the newest OS.

I fully expect the hard-core Android community to brush it off by saying that you should be more careful about the applications you choose to install. That’s an old and tired excuse that many used back in the Windows XP days. Yes, you should be careful, but at the same time the OS needs to be responsible for these security holes and they need to take steps to protect their users. Installing anti-virus is only part of the solution, and many don’t want that on their mobile devices. It’s getting harder and harder for me to recommend Android devices to the non-tech savvy user.

(Source = NC State University via Engadget)

About Mike Temporale

Mike Temporale has written 614 posts on Mobile Jaw..

Mike Temporale grew up fascinated by computers since an early age. His first hands on with a computer came when he was 7 years old and a travelling lab of Commodore PET computers made a stop at his school. Hooked on the new world these devices offered, he took any chance possible to get in front of a computer. When Compaq launched the iPaq 3600, he was hooked again. This time on a whole new world of mobile computing. Today, Mike spends his day helping clients deploy and manage their mobile device around the world. From installing custom software, to locking and securing data, and everything in between. He is also the Editor in Chief at Mobile Jaw - a site focused on today's mobile world.