Researchers unveil Android’s vulnerability to ‘SMSishing’

November 4, 2012

Mobile security researches at NC State University have revealed a new vulnerability in the popular Android platform, including Gingerbread, Ice Cream Sandwich and Jelly Bean, that makes these Android versionsĀ susceptible to SMSishing ā€“Ā or the act of phishing through SMS messages.

Google has confirmed this vulnerability and plans toĀ address it in the future releases of Android.

Xuxian Jiang’s research team atĀ NC State uncovered that if an infected app is downloaded by an Android user, the attacking program canĀ camouflage itself Ā by making it “appearĀ that the user hasĀ receivedĀ an SMS, or text, message from someone on the phoneā€™s contact list or from trusted banks”.Ā  This fake message can make users give away theirĀ personal information including passwords for user accounts.

The team is still waiting for an official fix from Google to be out before it publishes the details of the vulnerability. In the mean time, Android users are urged to pay close attention to the apps they download and the SMS messages they receive, especially from unknown sources.

So, all you ethical hackers and geeks out there, are you listening? This seems like a potentialĀ opportunityĀ to show some of your talents and fix this up for the vast amount of Android users that can be affected by this. It is time to earn some good Kharma by burning some midnight oil! So get set and go and save the world! Also, don’t forget to spread the word ā€“ tell us if you have receivedĀ anything like this!