Exploit wipes some Samsung phones with one line of HTMLon January 26, 2013 at 12:01 AM
Exploit wipes some Samsung phones with one line of HTML
Savvy pc users ar typically suspicious concerning links, and justifiedly therefore. Clicking the incorrect one may cause malicious code to execute, that may do something from infecting your pc with malware to, apparently, wiping your phone information fully. At the Ekoparty security conference, man of science Ravi Borganokar incontestible however one line of hypertext mark-up language code may be accustomed run a industrial plant reset or maybe clear the SIM card on sure Samsung phones. All it needs is for the user to click a link, scan a QR code, or browse AN NFC tag, and once it starts the user can’t back out.
The exploit uses Unstructured Supplementary Service information (USSD) codes, that ar commonly dialed into GSM phones to register them, perform nosology, or otherwise communicate with cell network servers. The exploit smartly embeds a distant wipe USSD code into an online page so it at once masses into a phone’s dialer. On some Samsung phones running TouchWiz, the device can then mechanically dial the code and begin the method. vulnerable models embody the Galaxy Beam and Galaxy S2. although apparently the problem was patched on some models and therefore the AT&T Galaxy S3, for instance, isn’t vulnerable.
Samsung is presently wanting into the problem any, and details ar still setting out concerning that devices ar affected. For the nowadays, however, it seems that solely Samsung phones running TouchWiz ar vulnerable (so not the Galaxy Nexus or any device running stock Android), and providing the malicious universal resource locator is loaded within the stock browser, instead of Chrome. this fix for the problem is to disable automatic website loading in QR and NFC readers, and watch out concerning clicking doubtless dodgy links.
Android enthusiasts typically dislike TouchWiz and alternative manufacturer modifications to the OS as a result of they get within the approach of a pure automaton expertise. however this exploit highlights a a lot of major problem with Android’s openness: another layer of code means that a lot of potential for security holes.