Source: HelpNetSecurity
By: FNU LNU
Published: September 4, 2019
* The affected Android phones use over-the-air (OTA) provisioning, which allows mobile network operators to deploy network-specific settings to a new phone joining their network.
* Researchers found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes limited authentication methods. This can be exploited, enabling hackers to pose as network operators and send deceptive OMA CP messages to users.
Cyber Center of Excellence is a San Diego-based nonprofit dedicated to growing the regional cyber economy and creating a more secure digital community for all.
