Samsung fixes Galaxy S3 bug, researchers offer fix for other phones
Posted on 27 September 2012.
Bookmark and Share
Given the amount of information we all keep on our smartphones, it's no wonder that the recently demonstrated Samsung Galaxy S3 remote data-wipe hack has ruffled quite a few feathers.

Reports that Galaxy S2, Galaxy Beam, S Advance, and Galaxy Ace are also vulnerable have been popping up.

The reset to the factory settings and complete wipe of the contents is achieved via a simple USSD (Unstructured Supplementary Service Data) code delivered to the device via a specially crafted webpage or QR code, pushed by NFC, or even via a remotely triggered call to the specially crafted webpage via WAP push messages.

Samsung has pushed out a fix for the Galaxy S3 phones yesterday, but there is still no news on when the fixes for the other phones will be made available.

In the meantime, two researchers have created applications that deflect the attack. Collin Mulliner, a researcher with Boston's Northeastern University's SECLAB, has offered the TelStop app, and Joerg Voss has developed and published NoTelURL - both of which install an additional TEL URL handlers, pop up a warning when the user is faced with a TEL link and then ask whether he wants to follow it.


Users who want to known whether their phone is vulnerable to the attack can surf to a "USSD Check" page set up by H-Online, which has embedded a command that asks the phone to display its serial number (IMEI). If it does so without asking for permission, the phone can be remotely wiped without the user's consent.






Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //