Researcher shows Samsung Galaxy S3 remote data-wipe hack
Posted on 25 September 2012.
At the recently held ekoparty Security conference in Buenos Aires security researcher Ravi Borgaonkar has demonstrated a simple attack that could lead to a remote wiping of some Android-based Samsung smartphones.

The reset to the factory settings and complete wipe of the contents is achieved via a simple USSD (Unstructured Supplementary Service Data) code delivered to the device via a specially crafted webpage or QR code, pushed by NFC, or even via a remotely triggered call to the specially crafted webpage via WAP push messages.

Borgaonkar demonstrated the attack on the Galaxy S3 device, but according to Slashgear, other devices running Samsung's customized version of Android are also affected.

Reports that Galaxy S2, Galaxy Beam, S Advance, and Galaxy Ace are also vulnerable have been popping up, although it also depends where and by whom the devices are sold.

For example, H-Online reports that European Samsung Galaxy S3 running Android 4.0.4 will not automatically run the code from the booby-trapped webpage, but that Galaxy S2 running on Android 2.3.6 or 4.0.3 will.

The problem seems to arise with the presence of TouchWiz user interface, which instead of screening the code first runs it automatically.

To protect themselves from possible attacks until Samsung pushes our a patch, users are advised to be careful which links they follow, and to switch off the automatic site loading in their QR and NFC readers.






Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //