Chinese security company Qihoo 360 Technology recently announced that it had discovered a security flaw in the cloud backup feature of the Samsung Galaxy S4, which could be leveraged to force the phone to send text messages to premium-rate services, or to fake incoming text messages for phishing purposes (h/t CRN).
"The implications are serious," the company said in a Facebook post. "By exploiting the vulnerable cloud backup feature, malware could pretend to be the identity of any contact, friend, relative, or company/ organization (including your banks) when faking phishing SMS messages. When these phishing SMS messages are received, users may be tricked into clicking fraudulent links or disclosing sensitive personal information."
The company says the vulnerability was discovered on June 17, 2013, and was immediately reported to Samsung, which is already in the process of developing an update to patch the flaw.
In the meantime, Qihoo 360 is recommending that Samsung Galaxy S4 users temporarily disable the cloud backup feature when not in use.