Are you someone who doesn’t pay even a little bit attention to all those random messages that you receive on your phone? Do you have an android phone? Have you received some sketchy looking messages on your phone recently? Or have you clicked a link in a sms lured in by some crazy deals?
If the answer to the above questions is yes, then thank your stars that you are reading this as you may now be able to save you data from hackers. Not many users know that most Android phones have a major security flaw. Just like a phishing attack one can hack an Android phone with a sms, which is known as SMSishing attack.
The security loophole has made billions of phones to be vulnerable to malicious hacking attempts. A simple looking sms can trick you into sharing the data in your phone with the hackers sitting comfortably in a remote location. It means without you even realising it your apps can be accessed remotely, the camera could be turned on and off and you may lose all your data.
Does this sound familiar to you? Its because this sms security flaw is quite similar to the Apple text hack which could either erase the data of an Apple phone or cause the phone to forcefully restart.
So how does one hack an Android phone simply with a SMS?
It is made possible through the use of OMA CP message. It the method by which the new Android phones are added to the network by the operators. To put it very simply, hackers pretending to be network operators send a sms to the phone user. The malware in the sms appears to be some type of network settings. As soon as the user accepts it, the Internet traffic (both incoming and outgoing) would be rerouted via a proxy server which belongs to the hacker.
A lot of phone, particularly certain models by Samsung, are even more prone to such attacks. In these phones, the authenticity of the sender cannot be checked. This means just as soon as the CP message is accepted by the user, the malware settings are installed in the user’s phone.
In many cases the hackers do need the IMSI or the International Mobile Subscriber Identity no. of the recipient’s phone in order to appear legitimate. This may provide some form of protection against hacking. However, in reality, the IMSI no. can be easily obtained by installing an app or simply sending a harmless looking text message to user requesting to accept the ‘new phone settings’.
Major players in the Android phone market like LG, Huawei, Samsung etc. have looked into the matter and accepted the vulnerability of their Android phones.
Tech giant Google also stated that all phones running on different versions of Android are susceptible to this bug.
The fix for this bug, unfortunately, is only available for the newer versions of Google. For the older phones with which the latest versions by Google are not compatible, there are no fixes for this bug. It means that hackers don’t have to brainstorm much on how to hack Android phone with a sms.
Hacking an Android phone is particularly dangerous because the victim does not perform any action on demand. The malware begins to process the info on the device as soon as it is received on the victim’s phone. The hacking by sending a sms is so subtle that your data may be completely compromised and one may just not come to know.
So, the next time you receive a completely harmless sms with or without any link, make sure you know you may just be dealing with a bug attack.