'Smishing' vulnerability in Samsung's Galaxy S4 bared

Published June 26, 2013 1:50pm

A security flaw in Samsung's popular Galaxy S4 flagship smartphone may allow a Trojan to use it to silently send text messages, a Chinese security vendor warned, paving the way for possible SMS phishing or "smishing".

China-based Qihoo 360 said the vulnerability has been reported to Samsung, which it said is developing a patch to fix the bug.

In a news release posted on the Wall Street Journal, Qihoo said the vulnerability is related to the "cloud backup" feature of Galaxy S4, "which is not properly protected and can be abused."

"The implications are serious. By exploiting the vulnerable cloud backup feature, malware could pretend to be the identity of any contact, friend, relative, or organization (including banks) when faking phishing SMS messages. When these phishing SMS messages are received, users may be tricked into clicking fraudulent links or disclosing sensitive personal information," it said.

In the meantime, Qihoo suggested that Galaxy S4 users temporarily disable the affected "cloud backup" feature when not using it.

Qihoo also offered a temporary fix that can be deactivated once Samsung makes its official update available via over-the-air (OTA).

A separate article on tech site CRN.com noted security firms have been warning about the growing increase in malware targeting devices running Google's Android. The Galaxy S4 runs on Android.

"More than half of the threats are SMS Trojans," it added. —VC, GMA News

Tags: samsunggalaxy, smishing