The Inquirer-Home

Samsung Galaxy phones are vulnerable to a remote wipe attack

Updated Major bug exposed
Tue Sep 25 2012, 15:41
Samsung Galaxy S Duos

A SECURITY RESEARCHER has exposed a vulnerability in some Samsung handsets that leaves them open to a remote wipe attack.

Ravi Borgaonkar showed off the attack at the Ekoparty security conference, reports Slashgear. There he showed how a hacker could direct the user to a webpage where some malicious code could plunge them into a factory reset nightmare.

Borgaonkar's talk, Dirty use of USSD Codes in Cellular Network, showed how the Unstructured Supplementary Service Data (USSD) protocol, which is commonly used, can be exploited by attackers.

The attack can rely on people following links that suggest a trip to a website where you might see a "sexy co-ed" or equivalent. But as we have seen time and time before, people will fall for this type of thing. QR codes can also send people to attack webpages, according to Borgaonkar, as can NFC tags. Basically, anything that can open a URL can be used, he explained.

He said that attackers can kill a SIM card and wipe the handset in just three minutes, adding that although victims can see what is happening they will be powerless to stop it.

Samsung devices running Touchwiz appear to be affected. We have asked Samsung to comment. In the meantime, and unless you want to be targeted by gits, you might consider turning off automatic page loading in your NFC and QR code reading apps.

Samsung told us that the vulnerability had been fixed already, but did recommend that users install the latest software update.

"We would like to assure our customers that the recent security issue concerning the Galaxy S III has already been resolved through a software update," it said in a statement.

"We recommend all Galaxy S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service." µ



Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?