Security - Malware - OMACP vulnerability?

Shaman34 · June 8, 2020, 5:36pm

Hey everyone,

as a crypto investor, I came across a scammer claiming to be a bitcoin miner on reddit who sent me their site link that I visited. I only messaged them a few x on Reddit and Instagram to verify their identity - I downloaded no files and entered no personal info. But, they somehow found my phone #, then texted me without my permission and lied saying they got from my voicemail ( I didn’t leave one). I know they’re a scammer, the question is how they got my phone # and have they hacked my phone? I visited their site on my PC, they could’ve gotten my # from that, and that could be compromised too.

I noticed this OMACP grey icon showed up for only ~3 sec in notifications after restarting the phone, then it disappears quickly, why?
.

After some research, and seeing potential vulnerability of OMACP
https://research.checkpoint.com/2019/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/ , I did a factory reset on my Teracube to wipe off any malware. I heard that flashing and booting the phone are absolute certain defenses here but heard that can void warranty and increase security risk if you do it wrong.

Before reset, the OMACP app was there, but not in app settings, i have to type it in search. Now, after the reset, the OMACP is still there, but is not on my old Android Samsung phone. Is this just a messaging protocol that should be on the Teracube or not? Some sources say the hacker may need to send a CP request and need my permission to access the phone but others make it seem like they don’t - I have no idea on any of this. How do I take all steps to make sure that my phone isn’t hacked and what other kind of security threats should I be aware of? I’m willing to have a discussion to figure this out - I know it can be involved to trouble shoot.

I can NOT afford my funds to be stolen or I will be devastated. I’m not tech savvy but want to learn more, anyone who is and open to share would be MUCH appreciated! I love the phone and community and co. mission. Please help??

Sharad · June 8, 2020, 7:44pm

Hi @Shaman34 - thank you for pointing this out. Omacp is Mediatek’s app to do SIM configuration and is included on all their phones.

It seems Google fixed this vulernability in Android as part of May 2020 security updates - https://source.android.com/security/bulletin/2020-05-01 (search for “CVE-2020-0064” or “Omacp”). We’ll take this up with Mediatek right away and should get it fixed as part of the next update.

Since this is a relatively new vulnerability, most phones (including ours) still do not have the patch. Please be assured that we will work on this right away and should have an update for you soon.

Shaman34 · June 8, 2020, 6:52pm

Thanks Sharad! Currently, I have a serious security issue, can you please see this post? Security - Malware - OMACP vulnerability?. Also is there anyone on chat or phone that can discuss such matters? This is very urgent, Thanks!

Sharad · June 8, 2020, 7:47pm

Thanks for pointing it out. I have posted a reply to your thread just now. Let me know if you will still like to have a conversation.

ps : If you don’t mind, I’ll move your msg to the relevant thread to preserve the current topic’s intent.

Shaman34 · June 8, 2020, 7:50pm

yes of course Sharad! I love you guys! Such good service, I tell everyone about you b/c you’re honestly my favorite company I’ve had in possibly forever lol.

Sharad · November 11, 2020, 9:56pm

Providing overdue update on this thread. SW7 should have this fixed as part of the May 2020 security patches.

Roger_Curtis · March 20, 2021, 10:37am

Hello, I bought my Vivo V20 in January 2021, but Today( March 2021) I just came across that OMACP notification in my phone…is this device infected…please lemme know.? and a possible solution for this!

Sharad · March 22, 2021, 8:57pm

Hi @Roger_Curtis - OMACP is a standard SIM related app from Mediatek. This security issue was fixed in Teracube one as part of SW7 update. Teracube 2e does not have this issue.

Raman · July 2, 2021, 5:12pm

Hi, did u receive a solution for this? I’ve also recently purchased Vivo v20 pro and. See this notification pop up after every restart.
Plsd to hear,

Raman · July 2, 2021, 5:13pm

Hi, Sharad do we as end user have to anything to resolve it? Is this omacp safe to be in our system? Kindly guide.

Sharad · July 2, 2021, 9:06pm

Please note that Omacp is a network utility provided by Mediatek and is fully safe. The security issue was fixed in May 2020.

sameer_mehta · September 7, 2021, 9:55pm

If this is related to mediatek then can you please clarify as to why it’s running on Snapdragon phones ,I have vivo x60 with sd870 and this service does run at restart everytime ,just want to make sure that I am not hacked ,response would be appreciated, thanks

Sharad · September 8, 2021, 4:16am

Hi @sameer_mehta - welcome to Teracube forums. Oma cp is a type of provisioning message used by carriers to configure the headset. This would explain why both Mediatek and Qualcomm devices would have an application to handle those messages and probably call the app Omacp.

The vulnerability itself was probably on how the messages were being handled (instead of the app itself being rogue). Google put out the security bulletin which was fixed by the chipset makers. In our case, Mediatek put out the fix.

Long story short - I’ll say that the Omacp app on your phone is already patched (atleast in case of Teracube phones) and you are safe in that regard.

sameer_mehta · September 8, 2021, 4:34am

Thanks for the details, appreciate it

Aj_singh · September 12, 2021, 3:48pm

It’s an open invitation to hackers as this OMACP app is opening the loopholes for hackers to look into your mobile phone. I recommend everyone should uninstall OMACP if they are not sure about its functionality.

Of course its a good app but lots of work is to be done to make it 0% vulnerable.

Sharad · September 13, 2021, 3:57am

Hi @Aj_singh - welcome to Teracube forums. Could you please clarify how you know this? The omacp application had bugs earlier but Google and Mediatek have fixed those issues as per the security bulletin. Such security fixes are regularly made in many parts of Android to keep the OS secure.

There are a lot of old articles lying around the internet claiming such loop holes in Omacp. That is why I’m asking if you have any current evidence on these claims.

Aj_singh · September 13, 2021, 4:23pm

Lots of other sites reporting such issues. Can you link me with sources where Google and OMACP fixed all security issues.

Sharad · September 13, 2021, 4:40pm

Here it is - Android Security Bulletin—May 2020 | Android Open Source Project

Don_t_touch_the_appl · September 17, 2021, 8:01am

Hello Sharad, I just wanna know if the OMACP is a virus. I keep seeing it on my phone when i reset it. It basically appears on the notification tab. The OMACP disappears in less than 3 second on the notification tab. Also, I’m using a vivo v11 phone. Can you help me out?

amqueue · September 17, 2021, 10:06am

I am possibly confused. I tried looking online but didn’t find an answer… Is the vivo line of phones somehow connected to the Teracube company? Why are these people asking here?

/amq