September 26, 2012
Security Flaw Hits Samsung Galaxy Phones, Fix Issued
Michael Harper for redOrbit.com — Your Universe Online
Several times a month, the general public is given even more reminders that we should all be very careful about what we click and what sites we visit on the web. With smartphone popularity on a skyrocket rise, however, it´s just as important to apply these same precautions to our handhelds.
As with desktop security vulnerabilities, some mobile attacks come as a result of flaws in the software, and as a fairly new industry, there seems to be plenty of flaws for the finding if only one cares to look.
The latest security flaw attacked some Samsung devices, allowing any nefarious troublemakers to completely wipe a person´s Samsung Galaxy S II or worse, the touted Samsung Galaxy S III, with a simple text message, URL or even QR Code.
Samsung has since announced a fix for their latest and greatest, best-selling flagship device, but failed to mention a fix for the Galaxy S II and other effected devices by name.
This flaw was first shown off by Ravi Borgaonkar at the ekoparty Security Conference in Argentina last week. During his “Dirty use of USSD codes in the cellular network” talk, Borgaonkar explained how one little bit of dirty code could work its way into the phone through a vulnerability in the dialer. Once in, this code completely takes over the phone and sends it through the factory reset mode.
What makes this attack frightening is how easily this code could be disguised. Not only could this code be embedded in emails and text messages as a shortened URL - which has already been happening, according to TechCrunch - this code can even be embedded in a QR code or be used via NFC. Anyone with a vulnerable phone could have their device completely wiped to out-of-the-box state at any bar either by a simple passerby passing on the code via NFC or by hanging a dirty QR Code disguised as an advertisement or band flyer.
The culprit in all this seems to be the stock Android dialer, and according to Dylan Reeve, Samsung isn´t the only company with this vulnerability. HTC´s One X, Motorola´s Defy and Sony´s Xperia Play are also at risk of being completely reset or worse as a result of this flaw. Interestingly, this patch was fixed in June in stock Android. As pointed out by Reeve, the phones affected likely still make use of this older, pre-update phone dialer.
Although Borgaonkar pointed this flaw out last week, this news didn´t reach the larger tech blogs until yesterday. Some bloggers had said only the older Galaxy S II and Galaxy S Advance were vulnerable, though others were able to wipe an S III with this flaw.
Earlier today, Samsung issued a statement about this flaw, saying they had already repaired the flaw for the Galaxy S III, and encouraged all users to update their phones.
“We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.”
It´s nice for Samsung to have offered a fix for their phones, but interesting that they mentioned the S III by name without mentioning any other phone as explicitly.
For now, any Galaxy S III user should check for an OtA update, as well as switch to a new phone dialer, perhaps. Additionally, any Android user looking to tell if their device is vulnerable to this flaw can visit a site put together by the aforementioned Dylan Reeve on said device. If the device is vulnerable, the phone dialer app will open and display the devices IMEI code.
Just another reminder to never click on SMS links from strangers, keep NFC turned off when not in use and never scan a QR code at a less-than-reputable establishment.