Think Information. Think Security.
A SECURITY RESEARCHER has exposed a vulnerability in some Samsung handsets that leaves them open to a remote wipe attack.

Ravi Borgaonkar showed off the attack at the Ekoparty security conference, reports Slashgear. There he showed how a hacker could direct the user to a webpage where some malicious code could plunge them into a factory reset nightmare. Borgaonkar's talk, Dirty use of USSD Codes in Cellular Network, showed how the Unstructured Supplementary Service Data (USSD) protocol, which is commonly used, can be exploited by attackers.

The attack can rely on people following links that suggest a trip to a website where you might see a "sexy co-ed" or equivalent. But as we have seen time and time before, people will fall for this type of thing. QR codes can also send people to attack webpages, according to Borgaonkar, as can NFC tags. Basically, anything that can open a URL can be used. He said that attackers can kill a SIM card and wipe the handset in just three minutes, adding that although victims can see what is happening they will be powerless to stop it.

Samsung devices running Touchwiz appear to be affected. We have asked Samsung to comment. In the meantime, and unless you want to be targeted by gits, you might consider turning off automatic page loading in your NFC and QR code reading apps. 

Cross-posted from: The Inquirer
10/2/2012 10:03:41 pm

I was searching for the matter you shared through blog. It is quite interesting and obviously very informative for me. Thanks you very much!

1/6/2013 03:19:15 pm

I am very much pleased with the contents mentioned about health. I wanted to thank for this great article. I enjoyed every little bit part of it and I will be waiting for the new updates.


Leave a Reply.