
Magic
Just did it to a very deserving git at work. Ha ha ha, he's mad now!
Thanks el Reg.
An enterprising hacker has demonstrated how a simple web page can reset various Samsung phones back to the state they left the factory - enabling a click, bump or text to take out a victim's mobe entirely. The devastating flaw lies in Samsung's dialling software, triggered by the tel protocol in a URL. It isn't applicable to …
It's hard to see who *is* affected. No problem on my stock Nexus, nearly a year old.
@ElReg:
and it seems that some operators have tweaked their handsets to prevent that - although probably not deliberately, it's just a side effect of other changes.
No tweaking here - stock ICS 4.1.1, no operator.
It's not a browser issue, despite what others are saying in the comments here - it's the dialler, possibly in conjunction with TouchWiz. Unaffected diallers just display the USSD, and don't execute it anyway if you connect.
It isn't hard to see who is affected, it's very easy, you just test on various phones.
This link on my HTC One X displays my IMEI number, with no input from me.
http://ninpo.qap.la/test/index.html
HTML code is simply:
<!DOCTYPE html>
<html>
<!-- A frameset loads the frame's src as soon as the page renders, so no click is needed. -->
<frameset>
<!-- "*%2306%23" is the percent-encoded form of *#06#, the code that shows the IMEI. -->
<frame src="tel:*%2306%23">
</frameset>
</html>
If that were the factory wipe code for a One X (yes, one exists), my phone would reboot and wipe itself.
Stock dialer that ships with the One X, stock browser that ships with the One X.
It has nothing to do with TouchWiz, which isn't on this phone.
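The frameset above hands the dialler a percent-encoded MMI code rather than a phone number. As an added example (editor's code, not from any commenter or from Samsung/HTC), here is a small scanner that pulls tel: URIs out of HTML, percent-decodes them, and flags dial strings containing the MMI control characters * and # instead of a plain number. The attribute list, the sample page and the number pattern are assumptions made for the demonstration; the check does not distinguish network USSD from handset-local codes, since both use the same characters.

```javascript
// Added example, not from the original thread: flag tel: URIs whose dial
// string is an MMI/USSD-style code (contains * or #) rather than a number.
// Attributes that can carry a tel: URI without a click: href, frame/iframe
// src, and the url= part of a meta refresh. Assumed list; other vectors exist.
const TEL_URI_RE = /(?:href|src|url)\s*=\s*["']?\s*(tel:[^"'\s>]+)/gi;

function extractTelUris(html) {
  const out = [];
  for (const m of html.matchAll(TEL_URI_RE)) out.push(m[1]);
  return out;
}

// Strip the scheme, percent-decode (so %23 becomes #), and drop the visual
// separators a dialler ignores, leaving the string the dialler would act on.
function dialString(telUri) {
  let s = telUri.slice('tel:'.length);
  try { s = decodeURIComponent(s); } catch (_) { /* malformed escape: keep raw */ }
  return s.replace(/[\s().-]/g, '');
}

// A plain international-style number: optional +, then up to 15 digits (assumed).
const PLAIN_NUMBER_RE = /^\+?\d{1,15}$/;

function classifyTel(telUri) {
  const dial = dialString(telUri);
  if (PLAIN_NUMBER_RE.test(dial)) return { uri: telUri, dial, kind: 'number' };
  if (/[*#]/.test(dial)) return { uri: telUri, dial, kind: 'mmi' }; // MMI or USSD-style code
  return { uri: telUri, dial, kind: 'other' };
}

function scanHtml(html) {
  return extractTelUris(html).map(classifyTel);
}

// Constructed sample: the frameset from the thread plus a benign tel: link.
const SAMPLE = `<!DOCTYPE html>
<html>
<frameset>
<frame src="tel:*%2306%23">
</frameset>
<body><a href="tel:+44-20-7946-0000">Call us</a></body>
</html>`;

for (const f of scanHtml(SAMPLE)) {
  console.log(`${f.kind.padEnd(6)} ${f.dial.padEnd(16)} ${f.uri}`);
}
```

Run it with node; the frame's URI is reported as an MMI code decoding to *#06#, while the anchor is reported as a plain number. A proxy or extension that blocks or prompts on the mmi class gives the "ooh, do I want this?" pause the thread's dialler workaround provides, without changing the handset.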
"Not the case - it affects my original HTC Desire and that's running VillainROM, not a Samsung and no TouchWiz in sight."
By "affects", you mean it opens the dialler with the number/tries to call it and fails (as it should) - because your phone is not affected - it's not set up to see those numbers and go "ooh, that means wipe everything". If you lost all your data, then I'll believe you.
I imagine Samsung have put this in to make support easier (resetting pins/devices) but it's still a pretty stupid move.
Good question, I'm not entirely sure. XDA reports that 4.0.4 is OK, but then you could have multiple updates on that one version number. The only way to be sure would be to run the safe tests on your phone.
http://forum.xda-developers.com/showthread.php?p=31994542
"UPDATE2: Lennyuk has confirmed that you shouldn't be affected by this so long as you're using the latest S3 rom."
"Lennyuk" - "All current S3 firmware should be patched, samsung were informed of this issue some months ago and actively fixed it."
I could do more, but if you're interested, go read the thread! :P
One option, at least until a proper fix comes out (as the workaround is annoying), is to install a different dialer but not set it as the default (hell, install Skype, it'll have the same effect). The system will then ask which one you want to use, giving you the opportunity to go "ooo shit" before wiping.
Someone did mention removing system/app/keystringxxx.apk files but they didn't exist when I ssh'd into my SG2 so couldn't try that.
Bit of a major fuck up eh?
One of the original reporting folks posted an update:
http://dylanreeve.posterous.com/remote-ussd-attack-its-not-just-samsung
He also states a good work around if you can't get a patched dialer is to install a different one to force the phone to prompt with an action. :)
USSD is a protocol for communicating between the handset and the network. It's used for things like finding out your prepay balance, or what your phone number is - the SIM doesn't know the phone number. An example would be *#100# <dial> on Vodafone, which will give your phone number.
What you're describing is not USSD - it's executed locally by the handset. Granted, it looks similar, but it's not the same thing at all.