Security hole opens a billion Android users to advanced SMS phishing attacks
By: FNU LNU
Published: September 4, 2019
* The affected Android phones use over-the-air (OTA) provisioning, which allows mobile network operators to deploy network-specific settings to a new phone joining their network.
* Researchers found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes limited authentication methods. This can be exploited, enabling hackers to pose as network operators and send deceptive OMA CP messages to users.