HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 13 MINUTES AGO.
You are here: Home / Mobile Tech / Samsung Phones Vulnerable to Wiping
Samsung Smartphones Vulnerable to Remote Wiping
Samsung Smartphones Vulnerable to Remote Wiping
By Barry Levine / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
SEPTEMBER
25
2012

A variety of Samsung smartphones can be wiped by a remote factory reset. That vulnerability, which includes the popular Galaxy S III, was highlighted at the recent Ekoparty security conference in Argentina.

The vulnerability could be induced through a single line of code, according to security researcher Ravi Borgaonkar. He said that the reset can be accomplished via a simple code using Unstructured Supplementary Service Data (USSD) that can be delivered to the smartphone by a Web site, near-field communication (NFC) wireless transmission, or a QR code.

TouchWiz User Interface

Only Samsung devices running the company's TouchWiz user interface appear to be vulnerable, while those devices by the manufacturer that are only running basic Android will show the code in the dialer screen but not automatically run it. The default setting on the devices with TouchWiz is to dial the code.

There has been confirmation that, in addition to the Galaxy S III, the USSD code can work on the Galaxy Beam, S Advance, Galaxy Ace or Galaxy S II, but not the Nexus, which runs only basic Android. Once the process begins, it cannot be stopped.

Some industry observers have indicated that a key issue is how the TouchWiz dialer handles the USSD code, because it loads the reset code and then automatically dials it. Samsung has not yet issued a statement, but company representatives have told news media that the vulnerability report is being investigated.

Additionally, if a phone is set to automatically load a site that has been delivered via a SMS message, the USSD code can also be delivered. The researchers advise deactivating any automatic site loading in software on Samsung devices that read QR or NFC codes, in addition to the standard precaution not to click on any links that are unknown.

Android Vulnerability

Borgaonkar reports that a USSD code could also be included that could deactivate the SIM card at the same that it wipes the phone.

Security researchers have been warning that Android mobile devices are very susceptible to attacks and, as Android has become the top mobile platform, it has also grown into a much more visible target.

A report released earlier this month by security firm McAfee Labs, for instance, said that Android-based mobile devices continue to be the most targeted mobile platform. It found that "virtually all new mobile malware detected in Q2 2012 was directed" at that platform, in the form of SMS-sending malware, mobile botnets, spyware and destructive Trojans.

In June, a company called Lookout Mobile Security said that some providers of free Android mobile apps were accessing personal information without the user's notification or consent, through the use of "adware."

Lookout found about 5 percent of the apps it analyzed used these kinds of aggressive ad networks. Google has been criticized in some quarters for not providing pro-active monitoring of Android apps on its Google Play marketplace.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Get Powerful App Acceleration with Cisco. In a world where time is money, you need to accelerate the speed at which data moves through your data center. Cisco UCS Invicta delivers powerful, easy-to-manage application acceleration for data-intensive workloads. So you can make decisions faster and outpace the competition. Learn More.
MORE IN MOBILE TECH
Product Information and Resources for Technology You Can Use To Boost Your Business

ENTERPRISE HARDWARE SPOTLIGHT
Making a major change to its usually staid design philosophy, HP unveiled an all-in-one PC with built-in projector and surface-enabled touch, designed to make 3D scanning and printing easy.
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.