Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Home Network Security Viruses & Malware Hackers Security Solutions More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
Mobile Tech
24/7/365 Network Uptime
Average Rating:
Rate this article:  
Samsung Smartphones Vulnerable to Remote Wiping
Samsung Smartphones Vulnerable to Remote Wiping

By Barry Levine
September 25, 2012 12:21PM

Bookmark and Share
If a Samsung smartphone with the TouchWiz interface is set to automatically load a site that has been delivered via a SMS message, a malicious remote-wipe code can also be delivered. Researchers advise deactivating any automatic site loading in software on Samsung devices that read QR or NFC codes, in addition to not clicking on links that are unknown.
 


A variety of Samsung smartphones can be wiped by a remote factory reset. That vulnerability, which includes the popular Galaxy S III, was highlighted at the recent Ekoparty security conference in Argentina.

The vulnerability could be induced through a single line of code, according to security researcher Ravi Borgaonkar. He said that the reset can be accomplished via a simple code using Unstructured Supplementary Service Data (USSD) that can be delivered to the smartphone by a Web site, near-field communication (NFC) wireless transmission, or a QR code.

TouchWiz User Interface

Only Samsung devices running the company's TouchWiz user interface appear to be vulnerable, while those devices by the manufacturer that are only running basic Android will show the code in the dialer screen but not automatically run it. The default setting on the devices with TouchWiz is to dial the code.

There has been confirmation that, in addition to the Galaxy S III, the USSD code can work on the Galaxy Beam, S Advance, Galaxy Ace or Galaxy S II, but not the Nexus, which runs only basic Android. Once the process begins, it cannot be stopped.

Some industry observers have indicated that a key issue is how the TouchWiz dialer handles the USSD code, because it loads the reset code and then automatically dials it. Samsung has not yet issued a statement, but company representatives have told news media that the vulnerability report is being investigated.

Additionally, if a phone is set to automatically load a site that has been delivered via a SMS message, the USSD code can also be delivered. The researchers advise deactivating any automatic site loading in software on Samsung devices that read QR or NFC codes, in addition to the standard precaution not to click on any links that are unknown.

Android Vulnerability

Borgaonkar reports that a USSD code could also be included that could deactivate the SIM card at the same that it wipes the phone.

Security researchers have been warning that Android mobile devices are very susceptible to attacks and, as Android has become the top mobile platform, it has also grown into a much more visible target.

A report released earlier this month by security firm McAfee Labs, for instance, said that Android-based mobile devices continue to be the most targeted mobile platform. It found that "virtually all new mobile malware detected in Q2 2012 was directed" at that platform, in the form of SMS-sending malware, mobile botnets, spyware and destructive Trojans.

In June, a company called Lookout Mobile Security said that some providers of free Android mobile apps were accessing personal information without the user's notification or consent, through the use of "adware."

Lookout found about 5 percent of the apps it analyzed used these kinds of aggressive ad networks. Google has been criticized in some quarters for not providing pro-active monitoring of Android apps on its Google Play marketplace.
 

Tell Us What You Think
Comment:

Name:



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Mobile Tech
1.   Android Gets Chrome Remote Desktop
2.   Amazon 3D Smartphone Pics Leaked
3.   Zebra Buys Motorola Enterprise Biz
4.   CTIA Caves, Offers Kill Switch Plan
5.   Report: Amazon Phone To Feature 3D


advertisement
BlackBerry Drops T-Mobile After Spat
Moving on to other carriers after snub.
Average Rating:
Zebra Buys Motorola Enterprise Biz
Pays $3.45B in all-cash deal.
Average Rating:
CTIA Caves, Offers Kill Switch Plan
But leaves control up to users.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Google's Street View Software Unravels CAPTCHAs
The latest software Google uses for its Street View cars to read street numbers in images for Google Maps works so well that it also solves CAPTCHAs, those puzzles designed to defeat bots.
 
Canadian Teen Arrested for Heartbleed Hack
One week after the OpenSSL Heartbleed vulnerability was unveiled, Canadian authorities have made the first arrest -- a London, Ontario teenager -- connected to exploiting the security hole.
 
IBM Offers Security, Disaster Recovery as SoftLayer Service
New disaster recovery and security services for SoftLayer clients are being added by IBM. Big Blue said the new capabilities will speed cloud adoption by alleviating concern over business continuity.
 

Enterprise Hardware Spotlight
Vaio Fit 11A Battery Danger Forces Recall by Sony
Using a Sony Vaio Fit 11A laptop? It's time to send it back to Sony. In fact, Sony is encouraging people to stop using the laptop after several reports of its Panasonic battery overheating.
 
Continued Drop in Global PC Shipments Slows
Worldwide shipments of PCs fell during the first three months of the year, but the global slump in PC demand may be easing, with a considerable slowdown from last year's drops.
 
Google Glass Finds a Home in Medical Education, Practice
Google Glass may find its first markets in verticals in which hands-free access to data is a boon. Medicine is among the most prominent of those, as seen in a number of Glass experiments under way.
 

Mobile Technology Spotlight
Google Releases Chrome Remote Desktop App for Android
You're out on a sales call, and use your Android mobile device to grab a file you have back at the office on your desktop. That's a bit easier now with Google's Chrome Remote Desktop app for Android.
 
Amazon 3D Smartphone Pics Leaked
E-commerce giant Amazon is reportedly set to launch a smartphone after years of development. Photos of the phone, which may feature a unique 3D interface, were leaked by tech pub BGR.
 
Zebra Tech Buys Motorola Enterprise for $3.45B
Weeks after Lenovo bought Motorola Mobility’s assets from Google for $2.91 billion, Zebra Technologies is throwing down $3.45 billion for Motorola’s Enterprise business in an all-cash deal.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Hackers | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.