Mobile security researchers at NC State University have revealed a new vulnerability in the popular Android platform, including Gingerbread, Ice Cream Sandwich and Jelly Bean, that makes these Android versions susceptible to SMSishing, or phishing through SMS messages.
Google has confirmed this vulnerability and plans to address it in future releases of Android.
Xuxian Jiang's research team at NC State found that if an Android user downloads an infected app, the attacking program can camouflage itself by making it “appear that the user has received an SMS, or text, message from someone on the phone’s contact list or from trusted banks”. This fake message can trick users into giving away personal information, including passwords for user accounts.
The team is waiting for Google to release an official fix before it publishes the details of the vulnerability. In the meantime, Android users are urged to pay close attention to the apps they download and the SMS messages they receive, especially from unknown sources.
So, all you ethical hackers and geeks out there, are you listening? This seems like a potential opportunity to show some of your talents and fix this up for the vast number of Android users who could be affected. It is time to earn some good karma by burning some midnight oil! So get set, go, and save the world! Also, don't forget to spread the word – tell us if you have received anything like this!