Researchers ID 'smishing' vulnerability in Android

November 5, 2012 by Matt Shipman

(Phys.org)—Mobile security researchers have identified a new vulnerability in popular Android platforms, including Gingerbread, Ice Cream Sandwich and Jelly Bean. The vulnerability has been confirmed by Google, and will be addressed in a future Android release.

Specifically, Xuxian Jiang's research team at NC State has identified an SMS-phishing ("smishing") vulnerability. If an Android user downloads an infected app, the attacking program can make it appear that the user has received an SMS, or text, message from someone on the phone's contact list or from trusted banks. This fake message can solicit personal information, such as passwords for user accounts.

"For responsible disclosure, we will not publish the details of the vulnerability until an ultimate fix is out," Jiang says. "However, we think all recent Android phones are vulnerable."

This video is not supported by your browser at this time.

Pending the release of a fix from Google, Jiang says "users are encouraged to be cautious when downloading and installing apps (particularly from unknown sources). As always, it is important to pay close attention to received SMS text messages, in order to avoid being duped by possible phishing attacks."

Explore further: Apple says it's fixed iPhone SMS vulnerability

More information: A full write-up from Jiang's team is available here: ttp://www.csc.ncsu.edu/faculty/jiang/smishing.html

Related Stories

Apple says it's fixed iPhone SMS vulnerability

July 31, 2009

(AP) -- Apple Inc. says it has fixed an iPhone vulnerability that lets hackers knock people offline - and possibly take over the phones - by sending them specially crafted text messages.

Microsoft engineer eyeballs Android botnet

July 4, 2012

(Phys.org) -- A Microsoft engineer has spotted a botnet that targets Yahoo! Mail users using Android devices. Terry Zink , who also writes an Internet security blog, said he has evidence of a botnet running on Android devices ...

Recommended for you

Team develops targeted drug delivery to lung

September 2, 2015

Researchers from Columbia Engineering and Columbia University Medical Center (CUMC) have developed a new method that can target delivery of very small volumes of drugs into the lung. Their approach, in which micro-liters ...

Team creates functional ultrathin solar cells

August 27, 2015

(Phys.org)—A team of researchers with Johannes Kepler University Linz in Austria has developed an ultrathin solar cell for use in lightweight and flexible applications. In their paper published in the journal Nature Materials, ...

Magnetic fields provide a new way to communicate wirelessly

September 1, 2015

Electrical engineers at the University of California, San Diego demonstrated a new wireless communication technique that works by sending magnetic signals through the human body. The new technology could offer a lower power ...

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.