The Huawei P10 and Sony Xperia XZ Premium are vulnerable to a phishing attack where it seems as if the smartphone is receiving a message from the telecom provider, researchers at internet security company Check Point discovered.
The phishing method uses a protocol that is normally used by telecom providers to set specific settings for a smartphone via a message.
However, users of the affected Android smartphones cannot check whether the message in question actually comes from their provider, or from someone else with bad intentions.
A malicious person can, if he has the unique identification number of a smartphone (IMSI number), send a malicious message via the protocol. With such a message it is possible, among other things, to adjust the homepage of the internet browser and the server for MMS and e-mail messages.
The attacker can also adjust settings that show all internet traffic of the victim. In all cases, the victim must accept the rogue institutions manually.
LG and Samsung smartphones were also susceptible
The LG G6 and multiple Galaxy smartphones from Samsung were also susceptible, but both manufacturers have now removed the vulnerability with an update.
According to Check Point, Huawei will come up with an update for its Mate and P smartphones in the future that will eliminate the vulnerability. Sony would have denied the vulnerability of its devices.
Users are advised to always pay attention if they receive unexpected messages. The attack method described by Check Point is easy to parry by not simply accepting the rogue institutions.