However, Check Point Research found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), allows anyone can send OTA provisioning messages.Ī lack of robust authentication allows potential attackers to pose as network operators before sending deceptive OMA CP messages to users.
Oma client provisioning android#
The affected Android phones use over-the-air (OTA) provisioning, a technology that allows mobile network operators to deploy network-specific settings to a new phone joining their network. The security weakness creates a mechanism for counterfeit SMS messages posing as network configuration updates to compromise the security of phones from Samsung, Huawei, LG, Sony, and others.Īttackers could exploit the security weakness as part of an attack that would allow them to intercept email traffic to and from mobiles, among other exploits.īooby-trapped SMS messages might be disguised as a seemingly innocuous “update network settings” text, supposedly sent from an intended target’s mobile network provider.Ĭheck Point notified Android device manufacturers about the issue six months ago and mitigations have since been developed. Weak mobile authentication opens the door to attackĪ security shortcoming in many leading Android phones leaves users vulnerable to advanced phishing attacks, researchers at Check Point warn.
0 kommentar(er)
