Researchers find that a spoofing a service message from the phone carrier is simple and effective on some brands of Android smartphones. Using text messages with embedded links, security researchers from Check Point Software Technologies recently discovered that spoofing messages from a phone carrier could be used to configure certain features, including e-mail and the directory server, of several brands of Android phones. The attack uses over-the-air (OTA) provisioning messages, a technique used by carriers to deploy certain configurations to phones for their network: but the malicious attack exploits design weaknesses on several brands of Android phones, including Samsung, Sony, LG, and Huawei.
Source: Dark Reading