Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Wireless Security
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Samsung Smartphones Vulnerable to Remote Wiping
Samsung Smartphones Vulnerable to Remote Wiping

By Barry Levine
September 25, 2012 12:21PM

Bookmark and Share
If a Samsung smartphone with the TouchWiz interface is set to automatically load a site that has been delivered via a SMS message, a malicious remote-wipe code can also be delivered. Researchers advise deactivating any automatic site loading in software on Samsung devices that read QR or NFC codes, in addition to not clicking on links that are unknown.
 


A variety of Samsung smartphones can be wiped by a remote factory reset. That vulnerability, which includes the popular Galaxy S III, was highlighted at the recent Ekoparty security conference in Argentina.

The vulnerability could be induced through a single line of code, according to security researcher Ravi Borgaonkar. He said that the reset can be accomplished via a simple code using Unstructured Supplementary Service Data (USSD) that can be delivered to the smartphone by a Web site, near-field communication (NFC) wireless transmission, or a QR code.

TouchWiz User Interface

Only Samsung devices running the company's TouchWiz user interface appear to be vulnerable, while those devices by the manufacturer that are only running basic Android will show the code in the dialer screen but not automatically run it. The default setting on the devices with TouchWiz is to dial the code.

There has been confirmation that, in addition to the Galaxy S III, the USSD code can work on the Galaxy Beam, S Advance, Galaxy Ace or Galaxy S II, but not the Nexus, which runs only basic Android. Once the process begins, it cannot be stopped.

Some industry observers have indicated that a key issue is how the TouchWiz dialer handles the USSD code, because it loads the reset code and then automatically dials it. Samsung has not yet issued a statement, but company representatives have told news media that the vulnerability report is being investigated.

Additionally, if a phone is set to automatically load a site that has been delivered via a SMS message, the USSD code can also be delivered. The researchers advise deactivating any automatic site loading in software on Samsung devices that read QR or NFC codes, in addition to the standard precaution not to click on any links that are unknown.

Android Vulnerability

Borgaonkar reports that a USSD code could also be included that could deactivate the SIM card at the same that it wipes the phone.

Security researchers have been warning that Android mobile devices are very susceptible to attacks and, as Android has become the top mobile platform, it has also grown into a much more visible target.

A report released earlier this month by security firm McAfee Labs, for instance, said that Android-based mobile devices continue to be the most targeted mobile platform. It found that "virtually all new mobile malware detected in Q2 2012 was directed" at that platform, in the form of SMS-sending malware, mobile botnets, spyware and destructive Trojans.

In June, a company called Lookout Mobile Security said that some providers of free Android mobile apps were accessing personal information without the user's notification or consent, through the use of "adware."

Lookout found about 5 percent of the apps it analyzed used these kinds of aggressive ad networks. Google has been criticized in some quarters for not providing pro-active monitoring of Android apps on its Google Play marketplace.
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Wireless Security
1.   Banks Hit by Android-Skirting Malware
2.   Mac OS Yosemite Beta 4 Released
3.   Chinese Man Charged with Hacking
4.   Silent Circle Offers Roam-Free Plan
5.   Data Recovered from 'Wiped' Phones


advertisement
Banks Hit by Android-Skirting Malware
34 institutions, four European countries
Average Rating:
Mac OS Yosemite Beta 4 Released
Public preview could be coming soon.
Average Rating:
Silent Circle Offers Roam-Free Plan
Takes on Skype, Viber, Google Voice.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.