Researcher shows Samsung Galaxy S3 remote data-wipe hack
Posted on 25 September 2012.
At the recently held ekoparty Security conference in Buenos Aires security researcher Ravi Borgaonkar has demonstrated a simple attack that could lead to a remote wiping of some Android-based Samsung smartphones.

The reset to the factory settings and complete wipe of the contents is achieved via a simple USSD (Unstructured Supplementary Service Data) code delivered to the device via a specially crafted webpage or QR code, pushed by NFC, or even via a remotely triggered call to the specially crafted webpage via WAP push messages.

Borgaonkar demonstrated the attack on the Galaxy S3 device, but according to Slashgear, other devices running Samsung's customized version of Android are also affected.

Reports that Galaxy S2, Galaxy Beam, S Advance, and Galaxy Ace are also vulnerable have been popping up, although it also depends where and by whom the devices are sold.

For example, H-Online reports that European Samsung Galaxy S3 running Android 4.0.4 will not automatically run the code from the booby-trapped webpage, but that Galaxy S2 running on Android 2.3.6 or 4.0.3 will.

The problem seems to arise with the presence of TouchWiz user interface, which instead of screening the code first runs it automatically.

To protect themselves from possible attacks until Samsung pushes our a patch, users are advised to be careful which links they follow, and to switch off the automatic site loading in their QR and NFC readers.






Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //