Android logoAs you may have heard by now a serious vulnerability was found that could wipe everything off of Samsung Galaxy SII and SII. Through malicious links in a website, SMS, NFC beam or QR code, a factory reset can be performed on your phone! Although Samsung released a patch for the Galaxy SIII it appears that all Android devices less than Android 4.1.1 are affected until their manufacturers release patches.

Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, demonstrated the weakness at the Ekoparty security conference in Argentina last week. A single line of code embedded in a web page can be used to trigger a remote factory reset! Here is a video in case you want to watch the demonstration.

To check whether you are vulnerable Dylan Reeve has created a web page: http://dylanreeve.com/phone.php. If you visit this page with your mobile browser and your IMEI number pops up it means that you are vulnerable. I have checked it with my rooted HTC Desire, with the Dolphin browser and I am open to attack! Dylan Reeve explains in his blog how the remote USSD attack works.

Two apps have also been developed to protect against the vulnerability: Auto-reset blocker and TelStop. You can check them in Google Play. Of course always keep in mind that it isn't a good idea to click on unknown links or open unknown QR codes!

Comments (0)

Subscribe to this comment's feed

Write comment

smaller | bigger
security image
Write the displayed characters

busy

Android

Login Form

Follow me on...

  • Facebook
  • Twitter
  • Google+: u/0/b/113039112812192417058/
  • Digg
  • Reddit: myguides
  • RSS Feed
  • e-mail

Member Login