Hackers can fake a special kind of SMS message that usually comes from mobile operators and trick users into modifying device settings, and, as a result, re-route their email or web traffic through a malicious server.
This attack vector, discovered and detailed in a report published today by cyber-security firm Check Point, is about OMA CP instructions, also known as provisioning messages.
OMA CP stands for Open Mobile Alliance Client Provisioning. It refers to a standard through which mobile operators can send network settings to customer devices as special SMS messages.