Researcher shows Samsung Galaxy S3 remote data-wipe hack
Posted on 25 September 2012.
At the recently held ekoparty Security conference in Buenos Aires security researcher Ravi Borgaonkar has demonstrated a simple attack that could lead to a remote wiping of some Android-based Samsung smartphones.

The reset to the factory settings and complete wipe of the contents is achieved via a simple USSD (Unstructured Supplementary Service Data) code delivered to the device via a specially crafted webpage or QR code, pushed by NFC, or even via a remotely triggered call to the specially crafted webpage via WAP push messages.

Borgaonkar demonstrated the attack on the Galaxy S3 device, but according to Slashgear, other devices running Samsung's customized version of Android are also affected.

Reports that Galaxy S2, Galaxy Beam, S Advance, and Galaxy Ace are also vulnerable have been popping up, although it also depends where and by whom the devices are sold.

For example, H-Online reports that European Samsung Galaxy S3 running Android 4.0.4 will not automatically run the code from the booby-trapped webpage, but that Galaxy S2 running on Android 2.3.6 or 4.0.3 will.

The problem seems to arise with the presence of TouchWiz user interface, which instead of screening the code first runs it automatically.

To protect themselves from possible attacks until Samsung pushes our a patch, users are advised to be careful which links they follow, and to switch off the automatic site loading in their QR and NFC readers.


USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Dec 19th