Researchers uncover app that can steal your money

AUB research team reveals a smartphone app that can transfer phone credit without users’ knowledge

Tags: American University of Beirut (AUB)Application availabilityCyber crimeLebanon
  • E-Mail
Researchers uncover app that can steal your money AUB has uncovered a smartphone app that can steal phone credit.
By  Georgina Enzer Published  May 8, 2012

A smartphone application that is capable of transferring prepaid phone credit without the phone user's authorisation or knowledge has been discovered by the Network Security Group at the American University of Beirut (AUB).

Once installed, the app, which maquerades as a benign messaging app, starts sending and intercepting SMS messages, causing unauthorised credit transfers to another phone number without being detected.

"The potential impact of the app is in the loss of millions of dollars from the accounts of phone subscribers," said Imad ElHajj, one of the researchers and professor of electrical and computer engineering at AUB. "The vulnerability exists on most smartphone operating systems, and affects many operators in the region, including the two operators in Lebanon who were informed about this vulnerability."

A prototype application was demonstrated on a Samsung smartphone running the Android 2.3 operating system over both mobile network operators in Lebanon. The malware was not detected by any virus detection tools, and could be published on Google's Play Store.

This vulnerability was discovered by the group as part of a research project funded by TELUS Corporation, Canada.

2651 days ago

It was bound to happen
Just wait and see when payments
with your smartphone becomes mainstream

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code