Jan26

Exploit wipes some Samsung phones with one line of HTML

by James Boss on January 26, 2013 at 12:01 AM
Posted In: Android
Exploit wipes some Samsung phones with one line of HTML clixsense gpt468x60a Exploit wipes some Samsung phones with one line of HTML

Exploit wipes some Samsung phones with one line of HTML

Savvy pc users ar typically suspicious concerning links, and justifiedly therefore. Clicking the incorrect one may cause malicious code to execute, that may do something from infecting your pc with malware to, apparently, wiping your phone information fully. At the Ekoparty security conference, man of science Ravi Borganokar incontestible however one line of hypertext mark-up language code may be accustomed run a industrial plant reset or maybe clear the SIM card on sure Samsung phones. All it needs is for the user to click a link, scan a QR code, or browse AN NFC tag, and once it starts the user can’t back out.
The exploit uses Unstructured Supplementary Service information (USSD) codes, that ar commonly dialed into GSM phones to register them, perform nosology, or otherwise communicate with cell network servers. The exploit smartly embeds a distant wipe USSD code into an online page so it at once masses into a phone’s dialer. On some Samsung phones running TouchWiz, the device can then mechanically dial the code and begin the method. vulnerable models embody the Galaxy Beam and Galaxy S2. although apparently the problem was patched on some models and therefore the AT&T Galaxy S3, for instance, isn’t vulnerable.
Samsung is presently wanting into the problem any, and details ar still setting out concerning that devices ar affected. For the nowadays, however, it seems that solely Samsung phones running TouchWiz ar vulnerable (so not the Galaxy Nexus or any device running stock Android), and providing the malicious universal resource locator is loaded within the stock browser, instead of Chrome. this fix for the problem is to disable automatic website loading in QR and NFC readers, and watch out concerning clicking doubtless dodgy links.
Android enthusiasts typically dislike TouchWiz and alternative manufacturer modifications to the OS as a result of they get within the approach of a pure automaton expertise. however this exploit highlights a a lot of major problem with Android’s openness: another layer of code means that a lot of potential for security holes.

Be Sociable, Share!
  • more Exploit wipes some Samsung phones with one line of HTML

Related posts:

  1. Samsung issues Galaxy S3 fix for phone wipe vulnerability
  2. Samsung confirms Galaxy S3 Android 4.1 update begins in October
  3. Samsung’s new S3 Mini tarnishes the Galaxy brand
  4. Samsung expected to unveil Galaxy S3 Mini on October 11
  5. Samsung Galaxy S4 rumored to appear at MWC
  6. Samsung senior engineer asks what we want in the Galaxy S4
  7. Google and Samsung rumored to be working on 10-inch tablet
  8. Samsung Galaxy Tab
  9. Samsung Galaxy Nexus
  10. Samsung officially unveils the Galaxy S3 Mini with modest resolution, no LTE
└ Tags: