Saw this tweet yesterday on Twitter:
The account is a parody? but the ?tel:*2767*3855%23? is quite serious.
It?s a reference to a ?vulnerability? which exists on some versions of Samsung Android phones, those running Samsung?s TouchWiz UI. (So, not Nexus.) And by vulnerability, we mean that some ?genius? developed a feature to factory hard reset TouchWiz devices using an Unstructured Supplementary Service Data (USSD) code ? without requiring a prompt from the user!
As such, there are numerous ways in which a device could be remotely targeted and prompted to run service commands.
The vulnerability was demonstrated by Ravi Borgaonkar last weekend at the Ekoparty security conference, which you can see here.
The good news is that Borgaonkar informed Samsung in June. Current versions of Galaxy S III firmware should not be vulnerable.
Also good news: remote factory hard resets don?t exactly have a profit motive. So this isn?t something anybody will likely ever see in the wild. But still, if you have a Samsung running TouchWiz, make sure you update to the latest firmware.
Also, other vendor?s phones could be subject to similar issues. One workaround to consider is a third-party dialer app.
Related stories:
- Samsung Wave Autorun.inf
- 27C3 presentation claims many mobiles vulnerable to SMS attacks
- e107 Being Exploited ? Vulnerable contact.php Scanned and Attacked
- Apache exploit leaves up to 65% of all websites vulnerable
- CARO: Half of all computers running vulnerable versions of Adobe PDF Reader
happy holidays norad how to carve a turkey how to cook a turkey yorkshire pudding larry the cable guy miracle on 34th street
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন