Search This Blog

Powered by Blogger.

Blog Archive

Labels

Malicious page can trigger factory reset by exploiting vulnerability in Samsung phones


samsung vulnerability

If you are browsing from Samsung smartphones, you may want to take care when opening webpages. A security researcher has discovered a critical vulnerability in some TouchWiz-based Samsung smartphones including the Galaxy S2 and certain Galaxy S3 models on older firmware.

Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, demonstrated the vulnerability at the Ekoparty security conference in Argentina last week.

Borgaonkar's talk, 'Dirty use of USSD Codes in Cellular Network', showed how the Unstructured Supplementary Service Data (USSD) protocol, which is commonly used, can be exploited by attackers.

According to report, a single line of code in a malicious web page can trigger a factory reset without prompting the user, or allowing them to cancel the process.  Researcher says that malicious code can also be delivered via NFC or QR code.

Borgaonkar said that the vulnerability can be mitigated by switching off Samsung's 'Service Loading' feature.



Share it:

Featured

Vulnerability