BEIJING, June 20, 2013 /PRNewswire/ -- Serious security
vulnerability was recently discovered on the Samsung flagship
Galaxy S4 device, which could be leveraged by malicious software to
fake arbitrary SMS text messages, which will then be received by or
sent from affected phones. This vulnerability was first discovered
on June 17 by Qihoo 360(NYSE: QIHU),
a leading Internet security company in China. The vulnerability has been promptly
reported back to Samsung after the discovery and Samsung is already
in the process of developing an official update to fix it.
This particular vulnerability is related to the "cloud backup"
feature of Galaxy S4, which is not properly protected and can be
abused. From the study, malicious software could potentially
exploit it to send fraudulent scam text messages (to order
premium-rated services) or fake incoming SMS messages (for
phishing).
The implications are serious. By exploiting the vulnerable cloud
backup feature, malware could pretend to be the identity of any
contact, friend, relative, or organization (including banks) when
faking phishing SMS messages. When these phishing SMS messages are
received, users may be tricked into clicking fraudulent links or
disclosing sensitive personal information.
While waiting for the official OTA ("Over-the-Air Technology")
update, 360's security experts have suggested a number of
mitigation strategies for users. For example, S4 users may
temporarily disable the affected "cloud backup" feature when not in
use. Qihoo 360 has also developed a temporary fix, which can be
used to mitigate and prevent this particular vulnerability from
being exploited. This fix can be deactivated after the official OTA
update is released.
Meanwhile, all current 360 Mobile Security users can update the
app to the latest version to be protected against this threat. The
latest version of 360 Mobile Security is available on Google Play.
(Download Link:
https://play.google.com/store/apps/details?id=com.qihoo.security)
About Qihoo 360
Qihoo 360 Technology Co. Ltd. (NYSE: QIHU) is a leading Internet
company in China. The Company is
also the number one provider of Internet and mobile security
products in China as measured by
its user base, according to iResearch. Qihoo 360 also provides
users with secure access points to the Internet via its market
leading web browsers and application stores. The Company has built
one of the largest open Internet platforms in China and monetizes its massive user base
primarily through online advertising and through Internet
value-added services on its open platform.
SOURCE Qihoo 360 Technology Co. Ltd.