backtop


Print

"Feature" was meant to make phone techs' lives easier, but turns out to be gaping security hole

One of the biggest Android vulnerabilities to date was discovered this week, but not in Google Inc.'s (GOOG) Android OS itself.  The vulnerability was found in Samsung Electronics Comp., Ltd.'s (KSC:005930) TouchWiz UI and allows malicious users to direct unwitting Samsung Android owners to webpages with frames that contain a reset code to wipe their device clean.

Google has long grunted and grumbled about OEMs desire to "skin" Android with custom UI experiences.  It originally was looking to kill off the practice, but it has since relented, allowing TouchWiz UI and other custom Android UIs to persist.

The vulnerability in TouchWiz reportedly affects multiple devices including the best-selling Galaxy S II, plus many lesser-known Samsung handsets like the Galaxy Beam.  The vulnerability involves sending the code *2767*3855# to the phone's dialer, which triggers a factory reset.

Samsung's Android build allows websites to contain the code <frame src="tel:..."> which auto-launches a call to a phone number when you click on the pertinent object.  Using this vulnerability, the clickable wiping item could be hidden in all manner of website images or links.

Galaxy S II
The vulnerability was first discovered by Android enthusiast Pau Oliva (Note: contrary to his comment, the Galaxy S3 does not autocall the number, though this is the case on the S II). 

Fortunately some newer Galaxy phones (such as the Galaxy S III) have a slightly toned down version of TouchWiz, which will only bring up the number in the dialer app, not automatically initiate the call.  Hence while the reset code indeed works, the danger to the owners of certain Samsung phones is minimal given that they would have to accidentally hit the call button after the reset code came up to complete the wipe on those devices.

For owners of older devices the call reportedly auto-initiates leaving the user with no escape.

According to The Verge Samsung says it's "looking into" these reports.  Pau Oliva, a telecom engineer and Android enthusiast, was first reported on the vulnerability via Twitter.

Sources: Pau Oliva [Twitter], The Verge





“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs







Latest Blog Posts






botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki