Sign in / up

back to article Researcher offers quick fix for Samsung remote wipe vuln

Although Samsung has yet to issue patches for most of the phones affected by a recently discovered remote-wipe vulnerability, a German security researcher has released an app that he says can block the exploit. As El Reg reported on Tuesday, a flaw in Samsung's dialing software causes its phones to execute some tel protocol …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. steogede

    URI

    >> As El Reg reported on Tuesday, a flaw in Samsung's dialing software causes its phones to execute some tel protocol URIs (universal resource identifiers) without the user even pressing the Dial button. At worst, this allows a remote attacker to send the Unstructured Supplementary Service Data (USSD) code that resets the phone to its factory state, wiping all the data in the process.

    URI, that is the bit that you felt needed further explanation?

    Also what's with the 'without pressing the dial button', isn't that the usual practice - you enter the code into the dialler and it performs the associated command, I don't recall ever pressing the dial button. The flaw is that it is taking the code from outside of the dialler and processing it as though it had been entered in the dialer - then again with smart phones, you'd have thought there would be a better way to do this than the *#.... codes

    0 3
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: URI

      There are two ways for an application to start a call - ACTION_CALL - which requires the application ask permission which is shown during install and ACTION_DIAL which *should* launch the dialler with the requested number and wait for the user to confirm the call (even for USSD codes - on stock the *#06# shows up in the dialler if it is sent from an application). This ACTION_DIAL mode is what the browser and other applications use with the tel: URI.

      The problem is that Samsung and HTC decided they would override the ACTION_DIAL's documented behaviour and have it immediately make the call. That means essientally applications have ACTION_CALL functionality without needing permission on these devices (another issue being overlooked here).

      To add to the problem, these manufactures then decided to add in special USSD codes for wiping the device and resetting pin codes. This, combined with the previous design flaw creates this vulnerability.

      ACTION_DIAL: http://developer.android.com/reference/android/content/Intent.html#ACTION_DIAL

      ACTION_CALL: http://developer.android.com/reference/android/content/Intent.html#ACTION_CALL

      1 0
  2. Anonymous Coward
    Anonymous Coward

    Dial without warning

    Surely the biggest threat is unknown calls to premium-rate numbers, which nets a small fortune for the miscreants behind the scam. Follow the money...

    0 0
  3. Anonymous Coward
    Anonymous Coward

    Hmm

    Well, it seems like the bug was already largely patched OTA before today, anyway- at least on my sim-free retail S3 it was.

    0 0
  4. nuked
    Facepalm

    Vulnerability?

    More like a gaping great chasm of a security hole.

    0 1
  5. dotdavid
    WTF?

    Inaccuracy

    " On Wednesday, Samsung issued a firmware fix that resolved the issue in the Galaxy S III, its flagship Android handset. "

    FFS El Reg, you claimed that in the last article too, and were informed by many people in the comments that the fix was actually in an OTA update that was sent out earlier in the year. There has been no firmware fix on Wednesday, only an announcement that the latest OTA update has the fix so if users don't have it yet they should really go get it.

    Granted, Samsung still need to sort it out for some of their other handsets, but crap as they have been at doing that it seems a little unfair to claim they're slower to react to patch their flagship handset than they really are.

    0 0
  6. Chris Wilson

    Another option

    A slightly more user-friendly option:

    https://play.google.com/store/apps/details?id=com.openmarket.protectsam

    0 0
This topic is closed for new posts.

Other stories you might like