Welcome to WebmasterWorld Guest from 54.145.53.251

Forum Moderators: bakedjake

Message Too Old, No Replies

Samsung And HTC Android Phones Vulnerable To Remote Wipe Hack

Samsung Galaxy S3, Galaxy S2, HTC One X and HTC Desire

     
3:11 pm on Sep 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 14, 2010
posts:985
votes: 0


Millions of Android handsets including the Samsung Galaxy S3, Galaxy S2, HTC One X and HTC Desire can be wiped just by visiting a malicious website that embeds particular code in weblinks, security experts have warned.

A user with a vulnerable handset who visits a page and clicks a link containing the malicious code would see their phone wiped, losing personal data such as photos and texts as well as replaceable data such as contact details and apps.

[guardian.co.uk...]
4:56 pm on Sept 27, 2012 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22287
votes: 236


Ouch!

That's a nasty hack.

I guess if you have one of those devices you'll have to wait a while for the solution to roll out.
5:03 pm on Sept 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 14, 2010
posts:985
votes: 0


I have a Samsung semi-smart phone and it does link all digits that appear in various contexts of text messages and such. It's not one of the models mentioned here in this story. I have no doubt that WW members are smart enough to not fall prey to this but figured it was worth posting anyway. Could be of help to spread to lesser technically inclined friends.
5:29 pm on Sept 27, 2012 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22287
votes: 236


@SevenCubed
Thanks, I appreciate the posting as I have one of the devices mentioned.

I do dread the updates as they tend to 'wipe' the data in any case. Knowing that, i back up beforehand.

Getting caught out by this would be very, very annoying.
7:50 am on Sept 28, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 29, 2005
posts:1870
votes: 41


Thanks for that. The Guardian article has been updated to say it might not affect HTC phones - check it out for yourself though to be sure.
11:42 am on Sept 28, 2012 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


An additional heads up..check that page using Google's built in browsers in android..3rd party browsers such as Opera, do not fire the "pop up" described on Dylan Reeve's site..
[dylanreeve.com...]
So you may go there, see no pop up, and think you are safe..using the Google browser built into Android will fire the "auto pop up" ( which is not actually a "pop up" but is an auto launch of the phone's dialer ) ..it either launches with *#06# displayed ( then you are not vulnerable ) or ( with your phone IMEI number (a 14- or 16-digit number) then you are potentially vulnerable to attack ) ..I tested this "browser dependent behavior" with my phones and then with some belonging to friends..Opera does not launch the "dialer " at all ..so using Opera you might think you were safe..
But if your phone is vulnerable, the first time you hit a link formed in this way using Google's built in browser ( the one behind the "Planet Earth" icon ), you will have it wiped..

Other mobile browsers on Android may also not react to the test ( theoretically any browser which does not react at all to the test ..ie; does not launch the auto dialer, is safer, even on a vulnerable phone, than Google's own built in browser* ) and may lull one into a false sense of security..

* I wouldn't count on it though..better to be patched and protected..
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members