Researchers found that phones from Samsung, Huawei, LG, and Sony are susceptible to an advanced type attack that can alter device settings via a short text message. This could instruct the device to route traffic through a malicious proxy. Researchers say that an authentication mechanism is present, it is based on the International Mobile Subscriber Identity (IMSI) number, which is unique for every user of a cellular network. The researchers say that OMA CP messages have an optional security header for validating the provisioning message.
Source: https://www.bleepingcomputer.com/news/security/android-sms-phishing-can-stealthily-enable-malicious-settings/