Google bug affecting 2.5 BILLION 'lets hackers steal emails with one text' – Samsung, Sony, Huawei and all Android phones affected, experts warn
A SHOCKING bug in Android phones leaves you open to being hacked with a simple text, cyber-experts have warned.
The flaw – which experts say can be exploited on any Google Android phone – could give crooks access to your entire web history.
It would also allow hackers to pry into your incoming and outgoing emails.
This would potentially allow them to carry out even more serious hack attacks using stolen information.
Around 2.5 billion people use Android phones each month, and cyber-experts warn all models are vulnerable.
"Given the popularity of Android devices, this is a critical vulnerability that must be addressed," said Check Point's Slava Makkaveev, who helped uncover the flaw.
The flaw even applies to phones from popular brands like Samsung, Huawei, Sony and LG.
Hackers use a broken system that lets them counterfeit SMS messages to seem like they're coming from your phone network.
Smartphones use something called Open Mobile Alliance Client Provisioning, or OMA CP.
This system lets your phone network update your phone settings remotely.
Hackers send you a text that pretends to come from your network and asks to apply an OMA CP update.
This would normally be blocked because networks should be authenticated by the Android operating system.
But a bug means that hackers can avoid failing the authentication checks – allowing them to gain access to your phone.
"It takes only a single SMS message to gain full access to a device’s emails," researchers explained.
"The device’s user cannot verify whether the rogue SMS and suggested updates to settings originate from their network carrier or from a hacker.
"Also, anyone connected to a cellular network can be targeted by these attacks, as users don’t have to be connected to a Wi-Fi network."
This flaw lets hackers intercept your web traffic, experts say.
And they can even read your emails remotely, by routing them through their own hacked servers.
Android bug – how to stay safe
Here’s what you need to know…
- Firstly, be suspicious of every link you receive over text
- Even if a text appears to come from a network operator, it may be fraudulent
- It may be worth contacting your network to verify texts asking you to click links or hand over details
- Samsung has fixed this issue in a May update (SVE-2019-14073) so you'll be safe if you install that
- LG fixed the issue in July with an update (LVE-SMP-190006) so make sure to update your phone
- Huawei is planning to include fixes shortly
- And Sony claims that its devices now follow the correct specifications to prevent this kind of bug
- If you use another Android phone, check with your phone maker to find out if the bug affects you
"Without a stronger form of authentication, it is easy for a malicious agent to launch a phishing attack through over-the-air provisioning," said Makkaveev.
"When the user receives an OMA CP message, they have no way to discern whether it is from a trusted source.
"By clicking 'accept', they could very well be letting an attacker into their phone."
We've asked Google, Samsung, Sony and Huawei for comment and will update this story with any response.