BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Most Versions of Android have SMiShing Vulnerability

Posted November 5, 2012    Bobby DeSimone and Scott Ellis

Researchers at NC State University have discovered a vulnerability that allows a zero-permission App to fake SMS messages and thus lead to potential SMS Phishing (or SMiShing).   By creating fake SMS messages from legitimate looking sources, a mal-ware app could fool a user into clicking on a link to a rogue site with the intension of phishing for personal information.  While this process is not new and even Apps that create fake SMS messages have been around for while, this vulnerability allows an App to do so without asking for any SMS permission.

Google has confirmed this vulnerability as of 11/1/2012 and promised a fix/update in future Android versions. Affected versions of Android include Froyo (2.2.x), Gingerbread (2.3.x), Ice Cream Sandwich (4.0.x), and Jelly Bean (4.1).  Researchers even confirmed it all the way back to Android 1.6.

As more unfolds on this issue, we’ll keep you updated. In the meantime, please watch the “SMiShing Vulnerability Demo in Android” video below.

Tags:
, , , , , , , ,

Leave a Reply

Additional articles

dave-shackleford-headshot

Why You Still Suck at Patching…and How to Turn Your Life Around

Posted March 25, 2015    Dave Shackleford

Live webinar | March 26, 2015 | 10am PT/1pm ET | Dave Shackleford, SANS Instructor | Why You Still Suck at Patching…and How to Turn Your Life Around

Tags:
, ,
infographic

Privilege Gone Wild 2: Over 25% of Organizations Have No Privileged Access Controls

Posted March 24, 2015    Scott Lang

BeyondTrust recently conducted a survey, with over 700 respondents, to explore how organizations view the risk of misuse from privileged account misuse, as well as trends in addressing and mitigating those risks.

Tags:
,
webinar_ondemand

On Demand Webinar – A Security Expert’s Guide: The Windows Events You Should be Tracking and Why

Posted March 23, 2015    Lindsay Marsh

On-Demand Webinar – Windows Security Expert and MCSE, Russell Smith, discusses the Windows Events you should be tracking right now and why. He will also show you how to set up Event Log subscriptions so you have better monitoring across your Windows environments.

Tags:
, ,