Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Wireless Security
Register for a certification exam.
Average Rating:
Rate this article:  
Samsung Smartphones Vulnerable to Remote Wiping
Samsung Smartphones Vulnerable to Remote Wiping

By Barry Levine
September 25, 2012 12:21PM

Bookmark and Share
If a Samsung smartphone with the TouchWiz interface is set to automatically load a site that has been delivered via a SMS message, a malicious remote-wipe code can also be delivered. Researchers advise deactivating any automatic site loading in software on Samsung devices that read QR or NFC codes, in addition to not clicking on links that are unknown.
 


A variety of Samsung smartphones can be wiped by a remote factory reset. That vulnerability, which includes the popular Galaxy S III, was highlighted at the recent Ekoparty security conference in Argentina.

The vulnerability could be induced through a single line of code, according to security researcher Ravi Borgaonkar. He said that the reset can be accomplished via a simple code using Unstructured Supplementary Service Data (USSD) that can be delivered to the smartphone by a Web site, near-field communication (NFC) wireless transmission, or a QR code.

TouchWiz User Interface

Only Samsung devices running the company's TouchWiz user interface appear to be vulnerable, while those devices by the manufacturer that are only running basic Android will show the code in the dialer screen but not automatically run it. The default setting on the devices with TouchWiz is to dial the code.

There has been confirmation that, in addition to the Galaxy S III, the USSD code can work on the Galaxy Beam, S Advance, Galaxy Ace or Galaxy S II, but not the Nexus, which runs only basic Android. Once the process begins, it cannot be stopped.

Some industry observers have indicated that a key issue is how the TouchWiz dialer handles the USSD code, because it loads the reset code and then automatically dials it. Samsung has not yet issued a statement, but company representatives have told news media that the vulnerability report is being investigated.

Additionally, if a phone is set to automatically load a site that has been delivered via a SMS message, the USSD code can also be delivered. The researchers advise deactivating any automatic site loading in software on Samsung devices that read QR or NFC codes, in addition to the standard precaution not to click on any links that are unknown.

Android Vulnerability

Borgaonkar reports that a USSD code could also be included that could deactivate the SIM card at the same that it wipes the phone.

Security researchers have been warning that Android mobile devices are very susceptible to attacks and, as Android has become the top mobile platform, it has also grown into a much more visible target.

A report released earlier this month by security firm McAfee Labs, for instance, said that Android-based mobile devices continue to be the most targeted mobile platform. It found that "virtually all new mobile malware detected in Q2 2012 was directed" at that platform, in the form of SMS-sending malware, mobile botnets, spyware and destructive Trojans.

In June, a company called Lookout Mobile Security said that some providers of free Android mobile apps were accessing personal information without the user's notification or consent, through the use of "adware."

Lookout found about 5 percent of the apps it analyzed used these kinds of aggressive ad networks. Google has been criticized in some quarters for not providing pro-active monitoring of Android apps on its Google Play marketplace.
 

Tell Us What You Think
Comment:

Name:





 Wireless Security
1.   Protect Yourself from Identity Theft
2.   Banks Hit by Android-Skirting Malware
3.   Mac OS Yosemite Beta 4 Released
4.   Chinese Man Charged with Hacking
5.   Silent Circle Offers Roam-Free Plan


advertisement
Protect Yourself from Identity Theft
Even if your data was compromised.
Average Rating:
Banks Hit by Android-Skirting Malware
34 institutions, four European countries
Average Rating:
Mac OS Yosemite Beta 4 Released
Public preview could be coming soon.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Watson Gets His First Customer Service Gig
Since appearing on Jeopardy, IBM's Watson supercomputer has been making a living using his super-intelligent knowledge base for business verticals. Now, Watson's been hired for his first customer service job.
 
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 

Mobile Technology Spotlight
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 
Is the Amazon Fire Phone a Winner?
A late entry into a packed category of smartphones, Amazon's Fire phone offers a variety of unique features. Now, the reviewers are assessing if they're enough to make the phone stand out.
 
Review: Amazon Fire Offers New Ways To Use Phones
The Fire phone uses Android, but Amazon has modified it to the point that it's barely recognizable. That means the phone offers new ways to navigate, discover and, of course, shop.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.