SMS phishing isn’t anything new. It’s been around for some time now, but researchers at North Carolina State University have discovered a vulnerability in Android that could bring back the practice in a big way. The vulnerability affects devices running Gingerbread, Ice Cream Sandwich, and Jelly Bean platforms for Android.
SMS phishing is just like how it sounds. If you downloads an app infected with malware, the app can make it appear as if you’re receiving text messages from someone on your phone’s contact list. Obviously, these fake text messages can solicit personal information from you, such as passwords for user accounts and bank information.
Google has confirmed the vulnerability and has said that a fix will be issued “in a future Android release.” Whether if this will be in an incremental update, such as Android 4.2.1, or even the next major release of Android, like the rumored Android 4.3 Key Lime Pie, isn’t yet known, but it seems Google isn’t too worried about it at this point.
For now, however, the researchers recommend simply just taking extreme caution when downloading and installing apps, especially from unknown sources. Plus, they recommend users pay close attention to text messages and confirm that you’re actually talking to someone you know, rather than a bot that is attempting to steal personal information.