Monday, November 5, 2012

Beware "Smishing Vulnerability" in Multiple Android Platforms


A research team at NC State University recently identified a new vulnerability that malware can exploit. Google has confirmed the vulnerability, which affects Android platforms running Gingerbread, Ice Cream Sandwich and Jelly Bean.


Specifically, Xuxian Jiang’s research team at NC State has identified an SMS-phishing (“smishing”) vulnerability. If an Android user downloads an infected app, the attacking program can make it appear that the user has received an SMS, or text, message from someone on the phone’s contact list or from trusted banks. This fake message can solicit personal information, such as passwords for user accounts.

“For responsible disclosure, we will not publish the details of the vulnerability until an ultimate fix is out,” Jiang says. “However, we think all recent Android phones are vulnerable.”

Pending the release of a fix from Google, Jiang says “users are encouraged to be cautious when downloading and installing apps (particularly from unknown sources). As always, it is important to pay close attention to received SMS text messages, in order to avoid being duped by possible phishing attacks.”

A full write-up from Jiang’s team is available here, and Jiang’s team has posted a demo video here. (NC State University)