Researchers from the North Carolina State University have identified a smishing vulnerability that affects all versions of Android, including Jelly Bean, Ice Cream Sandwich, Froyo and Gingerbread.
Smishing attacks are actually phishing attacks that rely on SMS messages. They’re often utilized by cybercriminals to steal information from unsuspecting mobile phone users.
According to Xuxian Jiang, an associate professor at the university’s Department of Computer Science, the security hole can be leveraged by an application to create fake arbitrary SMS messages.
“One serious aspect of the vulnerability is that it does not require the (exploiting) app to request any permission to launch the attack (In other words, this can be characterized as a WRITE_SMS capability leak.),” Jiang explained.
Google has been informed of the vulnerability. The company promised to address the issue in a future Android release.
In the meantime, experts advise users to be cautious when installing apps, especially ones from unknown sources. Also, Android customers are recommended to carefully analyze suspicious SMS messages to avoid falling victims to phishing attacks.