Android Phones Still Open To WAP Attacks

3615 0

Context Researchers discover SMS-based vulnerabilities in Samsung Galaxy devices

Android phones are still vulnerable to SMS-based attacks according to researchers at Context Information Security. One of the bugs found by Context in older models of Samsung Galaxy devices could be triggered remotely and rendered the device unusable until a factory reset was performed, leaving users open to ransomware attacks. The vulnerability was triggered by the type of SMS messages sent by manufacturers and network operators for configuring carrier and other device configuration settings.

While Context alerted the Samsung Mobile Security Team who were quick to fix the problem and release a security update, the researchers believe that it is likely similar vulnerabilities exist in other Android devices. A detailed blog describing the vulnerabilities has been published today at: https://www.contextis.com/resources/blog/wap-just-happened-my-samsung-galaxy/

“Modern mobile devices are generally difficult for attackers to exploit due to increasing protection offered by the operating systems, but all phones still rely on old, complex technologies for basic functionality that are often poorly understood and documented, leaving room for bugs and ambiguities to exist,” said Neil Biggs, Head of Research at Context. “The complexity of exploiting Android devices has escalated to the point where an attacker usually requires a chain of bugs to achieve the desired effect and just looking at one specific technology we found four separate bugs.”

The vulnerabilities are borne out of WAP Push functionality, which allows content to be pushed to a mobile device with minimal or no user intervention using SMS. WAP or the Wireless Application Protocol, has been in public operation since 1999 and it is WDP (Wireless Datagram Protocol), part of the WAP suite, which provides the transport layer to move data between two endpoints or specific ports.

“WAP Push can be used to transport data for a multitude of applications but it was the Open Mobile Alliance Client Provisioning (OMA CP) protocol that allows remote device provisioning and configuration, which was the one that caught our eye and led to the discovering of the vulnerabilities,” said Tom Court, a Senior Researcher at Context.

About Context
ContextLaunched in 1998, Context has a client base that includes some of the world’s most high profile blue chip companies, alongside government organisations. An exceptional level of technical expertise underpins all Context services, while a detailed and comprehensive approach helps clients to attain a deeper understanding of security vulnerabilities, threats or incidents.  Many of the world's most successful organisations turn to Context for technical assurance, incident response and investigation services. Context is also at the forefront of research and development in security technology. As well as publishing white papers and blogs addressing current and emerging security threats and trends, Context consultants frequently present at open and closed industry events around the world. Context delivers a comprehensive portfolio of advanced technical services and with offices in the UK, Germany and Australia, is ideally placed to work with clients worldwide.

In this article