Beware: a simple SMS could compromise all your mobile phone’s traffic

When we buy a new smartphone, travel to another country or change our phone number, we need to insert a new SIM card into the device. Once the card finds coverage, it is common for users or vendors to skip straight to the Access Point Name (APN) configuration, which gives the device access to the operator's data network. However, network security experts say this process can be abused to intercept a device's traffic.

Usually, the APN settings are sent to users via text messages (SMS). The weak security measures in this protocol allow malicious hackers to send fraudulent provisioning messages that serve as a means of taking control of a compromised device's connection. A team of experts from security firm Check Point notes that among the settings that can be configured through APN provisioning is the proxy; because the vast majority of mobile operators use transparent proxies, users normally do not need to configure this option themselves.

In their research, network security experts found that some manufacturers of Android smartphones (including Samsung, LG, Huawei and Sony) did not include any protection for the sending and receiving of these SMS messages. This leaves the door open for threat actors to send a malicious SMS asking target users to update the operator's settings, and thus redirect the victim's mobile traffic through a proxy controlled by the attackers.

This attack has the potential to compromise all traffic passing through the mobile device, whether encrypted or not. This means that, if successful, an attacker could access details such as the victim's browsing history, chats, photos, videos and even emails. Apart from the malicious SMS, all the hackers need to launch the attack is for the victim to be connected to a mobile network.

Network security experts also noted that, although there is an industry standard for secure provisioning by SMS (Open Mobile Alliance Client Provisioning), it does not oblige service providers to authenticate these messages using one of the available methods (such as USERPIN or NETWPIN, among others). Without such authentication, it is impossible for target users to verify the actual provenance of an SMS.
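To make the two points above concrete (a provisioning message that silently installs a proxy, and the USERPIN/NETWPIN authentication that the standard allows but does not require), here is an added example of the check a handset should perform before applying an OMA CP message. It is not code from the article or from Check Point: the SEC codes, the HMAC-SHA1 MAC format and the simplified key derivation (the IMSI used as ASCII rather than BCD-packed) are my reading of the OMA Client Provisioning specification and should be treated as assumptions, and the provisioning document, IMSI and PIN are constructed test data.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# SEC parameter values as given in the OMA Client Provisioning content
# specification (numeric codes stated here as an assumption).
NETWPIN, USERPIN, USERNETWPIN, USERPIN_MAC = 0, 1, 2, 3


def mac_key(sec: int, user_pin: Optional[str], imsi: str) -> Optional[bytes]:
    """Derive the HMAC key the handset uses for a given SEC method.

    Simplification (assumption): the real spec packs the IMSI as BCD
    semi-octets; here it is used as ASCII so the example stays readable.
    """
    if sec == NETWPIN:
        return imsi.encode()
    if sec in (USERPIN, USERPIN_MAC):
        return None if user_pin is None else user_pin.encode()
    if sec == USERNETWPIN:
        return None if user_pin is None else (imsi + user_pin).encode()
    return None


def expected_mac(body: bytes, key: bytes) -> str:
    """OMA CP authenticates the provisioning body with HMAC-SHA1, carried as hex."""
    return hmac.new(key, body, hashlib.sha1).hexdigest().upper()


def proxy_addresses(body: bytes) -> List[str]:
    """Return every PXADDR in the document, i.e. the proxies the message would install."""
    root = ET.fromstring(body)
    found = []
    for logical in root.iter("characteristic"):
        if logical.get("type") != "PXLOGICAL":
            continue
        for physical in logical.iter("characteristic"):
            if physical.get("type") != "PXPHYSICAL":
                continue
            for parm in physical.findall("parm"):
                if parm.get("name") == "PXADDR" and parm.get("value"):
                    found.append(parm.get("value"))
    return found


def check_provisioning(body: bytes, params: Dict[str, object],
                       user_pin: Optional[str], imsi: str) -> Dict[str, object]:
    """Decide whether a handset should apply a CP message, and why.

    params holds the SEC and MAC values from the message's content-type header.
    Returns a dict with 'accept', 'reason' and the proxies the body would set.
    """
    result = {"accept": False, "reason": "", "proxies": proxy_addresses(body)}
    sec = params.get("SEC")
    mac = params.get("MAC")
    if sec is None or mac is None:
        # The unauthenticated case the article warns about: no way to tell
        # an operator's message from anyone else's, so it must be rejected.
        result["reason"] = "no SEC/MAC parameters: provisioning message is unauthenticated"
        return result
    key = mac_key(int(sec), user_pin, imsi)
    if key is None:
        result["reason"] = "unsupported SEC method or no PIN available to verify with"
        return result
    if not hmac.compare_digest(expected_mac(body, key), str(mac).upper()):
        result["reason"] = "MAC verification failed: message not from the claimed operator"
        return result
    result["accept"] = True
    result["reason"] = "MAC verified with SEC method %d" % int(sec)
    return result


# Constructed sample: a provisioning document that installs a logical proxy.
# 203.0.113.10 is a documentation address, not a real operator proxy.
SAMPLE_BODY = b"""<wap-provisioningdoc>
  <characteristic type="PXLOGICAL">
    <parm name="PROXY-ID" value="sample-proxy"/>
    <characteristic type="PXPHYSICAL">
      <parm name="PHYSICAL-PROXY-ID" value="px1"/>
      <parm name="PXADDR" value="203.0.113.10"/>
      <parm name="PXADDRTYPE" value="IPV4"/>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>"""

SAMPLE_IMSI = "001010123456789"  # constructed test IMSI (MCC 001 / MNC 01 test range)


if __name__ == "__main__":
    # An unsigned message is rejected even though its content looks ordinary.
    print(check_provisioning(SAMPLE_BODY, {}, "1234", SAMPLE_IMSI))
    # The same body with a USERPIN MAC computed from the PIN the user was given.
    signed = {"SEC": USERPIN, "MAC": expected_mac(SAMPLE_BODY, b"1234")}
    print(check_provisioning(SAMPLE_BODY, signed, "1234", SAMPLE_IMSI))
```

The design point is that the decision never depends on the body looking plausible: a message with no SEC/MAC, or whose MAC does not verify under the PIN the user obtained out of band, is refused before any proxy or APN value is applied, and the extracted proxy list is returned so a handset or an SMS gateway can log what the message tried to change.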

Although this already sounds bad enough, the worst part comes next. Almost anyone with minimal technical knowledge can carry out this attack: only a USB dongle (available from $10 USD) is required, which can be used to send SMS messages in bulk, although it is also possible to direct the attack at a specific user.

The researchers reported the flaws to the affected manufacturers a few months ago. While Samsung fixed them in its May update and LG did so in June, the remaining companies have not announced any fixes to mitigate the risk of attack. According to network security experts from the International Institute of Cyber Security (IICS), Sony stated that there is no need to update its software, as it is designed according to the Open Mobile Alliance specifications; however, the research team demonstrated that this is not enough to ensure user protection when sending or receiving SMS messages.