Jump to content
Fi8sVrs

One line of HTML can wipe or reset Samsung smartphones

By Fi8sVrs, in Mobile security

Recommended Posts

  • Active Members
Fi8sVrs Rookie

Fi8sVrs

Posted
  • Active Members
Posted (edited)

At a security conference a scary demonstration showed that a single line of HTML code can remotely wipe out a Samsung Galaxy S III handset. Worse: It appears to work on many Samsung smartphones that run TouchWiz, which is most of Samsung’s line of handsets.

Be careful what links you click: A single line of HTML code can wipe the data on certain Samsung smartphones running Google’s Android software. The issue is specific to Samsung phones that also use the company’s TouchWiz software, says SlashGear, which actually means most of the current Samsung smartphones. Google’s Galaxy Nexus, also made by Samsung, is not affected by the exploit, which was demonstrated by Ravi Borganokar at the Ekoparty security conference.

Borganokar’s session, titled “Dirty use of USSD Codes in Cellular Network” demonstrated the issue when he tapped a link that causes Samsung’s TouchWiz phone dialer to execute the data wipe. Such codes are commonly used to register a phone on a network or perform other phone-level diagnostics, but this becomes an issue because TouchWiz automatically dials the code when the link is tapped. Here’s a video demonstration and explanation of the issue:

The short line of HTML code, Borganokar says, can also be executed through an embedded QR code or NFC wireless transfer. Even worse than an unintended factory restore or data wipe, this exploit can render the phone’s SIM card useless.

Some will surely condemn Android as a whole for this issue, but since it’s specific to Samsung’s TouchWiz software — likely as a feature to quickly dial phone numbers by way of links, QR codes or NFC data — the problem is limited to Samsung devices. I’d expect that Samsung releases a patch to disable the automatic phone dialing soon.

As a long-time Android user, however, these security — or insecurity issues, rather — are getting old in general. I mainly use Android devices because they fit my mantra of “use the best tool for the task at hand.” As someone embedded deeply in Google’s world of apps and data, Android simply works better. Even my limits are getting tested though: An open platform that can be endlessly tweaked is great until the wrong folks are tweaking it.

via One line of HTML can wipe or reset Samsung smartphones — Mobile Technology News

Edited by Fi8sVrs

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...