The Latest in IT Security

More Android smartphones vulnerable to vicious attack

29
Sep
2012

Researchers have determined that an attack which can wipe data from Samsung Android devices when visiting a malicious website can also be used to lock the SIM cards or completely wipe all of the data from many other Android phones. In addition to web pages, the attack can be triggered through SMS, or by a rouge NFC tag or QR code.

Mobile geek Dylan Reeve explains how the attack works. Computerworld summarizes it like this, “The attack can be launched from a Web page by loading a “tel:” URI (uniform resource identifier) with a special factory reset code inside an iframe. If the page is visited from a vulnerable device, the dialer application automatically executes the code and performs a factory reset.”

Check if your smartphone is vulnerable

Here is a way for you to check if your phone is vulnerable to this remote wipe threat: Visit http://dylanreeve.com/phone.php on your Android device, and if your phone is vulnerable, you’ll immediately see your phone’s IMEI number pop up. I checked my HTC Google Nexus One this way, and it came back as being vulnerable. Other phones reported to be affected include the HTC One X, Motorola Defy, Sony Experia Active, Sony Xperia Arc S, and the HTC Desire. Reeve says that Samsung fixed the USSD/MMI code execution issue for Galaxy S III devices, but it appears that all 4.1-based builds are safe, and some 4.0.4 builds as well.

Currently avast! Mobile Security is actively blocking URLs containing malicious code that triggers the exploit. Our Android users can expect an update containing protection against this kind of attack soon. We’ll let you know when that is released.

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments