Discovered today, with a fix promised as soon as possible: an SMS phishing vulnerability affecting a large number of Android gadgets. A researcher at North Carolina State University has unveiled it, saying that it could be exploited to send deceptive text messages as part of a phishing scheme. It seems that an impressive number of devices running Gingerbread, Ice Cream Sandwich and Jelly Bean are affected by this SMS vulnerability.
The bad thing about this new vulnerability is that it doesn't need any elevated app permissions in order to function. Computer science professor Xuxian Jiang explained it: the vulnerability allows an app running on the phone to fake any SMS text message, meaning that the fake message behaves just like a trusted message from one of your friends. If you download an app infected with malware, the app can easily behave like this. Obviously, those fake text messages can solicit personal information from you, such as passwords for user accounts and bank information, which is why everybody is worried about it.
The flaw is apparently present in some versions of Android, from 1.6 (Donut) to 4.1 (Jelly Bean). Xuxian Jiang is positive that the following gadgets could be easily exploited: Samsung's Galaxy Nexus, Nexus S and Galaxy S III, HTC's One X and Inspire, and the Xiaomi MI-One.
Compared with other brands, Google reacted quickly, confirming the presence of the vulnerability within two days of receiving the research team's report. A security patch is expected, so don't hesitate to accept it when you are informed about it in your notifications.