Skip to main content

Technology bits: Samsung Galaxy Phones Are Vulnerable To A Remote Wipe Attack


A SECURITY RESEARCHER has exposed vulnerability in some Samsung handsets that leaves them open to a remote wipe attack.


Ravi Borgaonkar showed off the attack at the Ekoparty security conference, reports Slashgear. There he showed how a hacker could direct the user to a webpage where some malicious code could plunge them into a factory reset nightmare.

Borgaonkar's talk, Dirty use of USSD Codes in Cellular Network, showed how the Unstructured Supplementary Service Data (USSD) protocol, which is commonly used, can be exploited by attackers.

The attack can rely on people following links that suggest a trip to a website where you might see a "sexy co-ed" or equivalent. But as we have seen time and time before, people will fall for this type of thing. QR codes can also send people to attack webpages, according to Borgaonkar, as can NFC tags. Basically, anything that can open a URL can be used, he explained.



He said that attackers can kill a SIM card and wipe the handset in just three minutes, adding that although victims can see what is happening they will be powerless to stop it.


Samsung devices running Touchwiz appear to be affected. We have asked Samsung to comment. In the meantime, and unless you want to be targeted by gits, you might consider turning off automatic page loading in your NFC and QR code reading apps.


Update
Samsung assured that the vulnerability had been fixed already, but did recommend that users install the latest software update.

Comments

Post a Comment

Popular posts from this blog

Finance: Net Present Value in the real sense.

Net Present Value (NPV)...... The difference between the present value of the future cash flows from an investment and the amount of investment. Present value of the expected cash flows is computed by discounting them at the required rate of return. For example, an investment of $1,000 today at 10 percent will yield $1,100 at the end of the year; therefore, the present value of $1,100 at the desired rate of return (10 percent) is $1,000. The amount of investment ($1,000 in this example) is deducted from this figure to arrive at net present value which here is zero ($1,000-$1,000). A zero net present value means the project repays original investment plus the required rate of return. A positive net present value means a better return, and a negative net present value indicates unfavourable returns. Net present value takes into account the value of the dollar today compared to the value of the dollar in the future, which is why it is a very important value to look at...
Post a Comment
Read more

FINANCE: CREATING MULTIPLE STREAMS OF INCOME (FINANCIALFREEDOM)

Hi, I trust you have being able to put into practice what you read on this blog on creating multiple streams of income. Good, to cap it up i will like to add this one last tip and i bet you, it is a secret weapon to finacial freedom. Investment: Interest from investment is another form of income. Investment in this regard includes; contribution plans, fixed deposit (call account), investment in bonds and treasury bills. Caution should however be taken in negotiating interest rate, maturity date and other terms that may affect your returns. See you at the top!   Make a minimum of $2 by just clicking on the link, absolutely free and easy. http://incomepart.com/ref.php?page=act/ref&invcod=58605   SPEND WISELY !
Post a Comment
Read more

Football: Lazio respond to false age claims of teenager.

Lazio have threatened legal action against those who have questioned the legitimacy of the age of their 17-year-old Cameroonian player Joseph Minala. The Italian side stated that his birth certificate is "absolutely legitimate". Lazio added:   "We reserve the right to take action against those responsible for the protection of the good name of the company and the footballer." The midfielder also issued a statement via the club's website denying he told an African website he was 41. He said: "I have read the alleged statements posted on the website senego.net in which it says I confessed my real age which was different to what was stated in my [official] documents. "They are false statements that have been attributed to me by people who do not know." Minala joined the Rome club last summer and recently played for them in the Viareggio Cup youth tournament. Source: BBC Sport.
Post a Comment
Read more