Galaxy S4, the latest flagship Android-based smartphone from the South Korean mobile phone maker Samsung Electronics, was found recently to pack a serious security flaw, one that could allow an attacker to silently send text messages from the device.
According to Qihoo 360 Technology, a Chinese antivirus company, the vulnerability was discovered on June 17, and Samsung has already been informed of the matter.
The flaw could potentially be exploited by SMS Trojans, the company said, adding that premium text messaging charges could be incurred should it be actively exploited.
Apparently, the issue resides in the cloud backup feature that Samsung packed the Galaxy S4 devices with, and could be exploited by rogue applications that contain specific code.
In addition to allowing attackers to send messages to premium numbers, the vulnerability could also be used to fake incoming SMS messages for phishing scams, according to a recent article on crn.com that cites a post (in Chinese) on the firm's website.
"By exploiting the vulnerable cloud backup feature, malware could pretend to be the identity of any contact, friend, relative, or company/organization (including your banks) when faking phishing SMS messages," the firm reportedly stated.
"When these phishing SMS messages are received, users may be tricked into clicking fraudulent links or disclosing sensitive personal information."
The company also notes that Galaxy S4 users should consider temporarily turning off the cloud backup feature on their devices, at least when it is not in use.
The company adds that Galaxy S4 users who have its 360 Mobile Security app installed are protected from possible attacks.
For the time being, Samsung has not provided information on the matter, but it is said to have already started working on a fix for the issue, which means that it won't be long before it makes an official announcement, so stay tuned to learn more.