Multiple Samsung handsets vulnerable to remote wipe hack

[siljaline]

Quote:

The Galaxy S3 is among a growing list of Samsung models susceptible to remote wipe attack.

A number of Samsung smartphones have been found to be vulnerable to a remote factory reset, according to details surfacing today. The hack, which was detailed at a recent Ekoparty security conference, shows that the Galaxy S3 is susceptible to the simple reset.

As Slashgear tells us, the process can be enabled in multiple ways, including NFC, QR Code, or pushed from a Web site. Once initiated, the factory wipe cannot be canceled or undone. What's more, the user will not receive any advance warning or opportunity to take preventative measures. And, as if that weren't bad enough, it's also possible for the bad guys to kill the handset's current SIM card.

Article

Remote wipe attack not limited to Samsung phones, Android dialer may be to blame

Quote:

Yesterday we reported on a vulnerability on Samsung phones that could allow a malicious website to wipe a user's device, but new details are coming to light that indicate the issue extends beyond Samsung's product line — and that the dialer in some versions of Android may by the cause.

Article

[ronjor]

Quote:

App protects Samsung smartphones against remote wiping

Smartphone icon As publicised yesterday (Tuesday), some Android-based Samsung smartphones can be wiped remotely without the owner's consent via specially crafted web pages or SMS text messages. A new app has now been added to the Google Play Store that aims to protect users against this problem: NoTelURL is a free tool developed by Jörg VossGerman language link that ensures that USSD control codes can no longer be executed without any user interaction. The APK installation file can also be downloaded directly from the developer's own siteDirect download.

http://www.h-online.com/security/new...g-1718531.html

[siljaline]

USSD attack not limited to Samsung Android devices, can also kill SIM cards

Quote:

A variation of the recently disclosed attack that can wipe data from Samsung Android devices when visiting a malicious Web page can also be used to disable the SIM cards from many Android phones, researchers say.

Ravishankar Borgaonkar, a research assistant in the Telecommunications Security department at the Technical University of Berlin, recently demonstrated the remote data wiping attack at the Ekoparty security conference in Buenos Aires, Argentina.

The attack can be launched from a Web page by loading a "tel:" URI (uniform resource identifier) with a special factory reset code inside an iframe. If the page is visited from a vulnerable device, the dialer application automatically executes the code and performs a factory reset.

Article

Android remote wipe security issue widens

Quote:

It seems that a security flaw spotted by a German researcher – and demonstrated recently at the Ekoparty security conference in Argentine – may affect a lot more than certain Samsung Android smartphone models.

According to Ravi Borgaonkar, a researcher with the telecoms department of the Technical University of Berlin, the remote wipe flaw – which can be triggered by a malicious link on a Web site, a text message or NFC transmission – several types of Samsung smartphones are susceptible to the flaw, which can trigger a factory reset on the handset.

Article

The latest build of: Lookout

Quote:

Added the ability to scan the dialer links for malicious MMI codes that could delete your data or reset your phone.

• The latter is not a product plug, nor an endorsement.

[Hungry Man]

Eh. I'm not worried.

There's no money to be made wiping peoples phones outside of targeted attacks. Plus I don't use touchwiz.

Quote:

This means, he says, that handsets running a vanilla version of Android would not normally be affected by the exploit.

Yep, safe.

[siljaline]

TelStop is an interesting prevention tool. Developers Website
Instructions as to what this does, what does not do, etc, are shown at the developer website. The app requires no permissions to run.