Samsung Smartphones Vulnerable To Remote Wipe Hack 151
DavidGilbert99 writes "Security researchers have discovered a single line of code embedded in websites which could wipe all data from your Samsung Galaxy S3 and other smartphones. Samsung smartphones including the Galaxy S3, Galaxy S2, Galaxy Ace, Galaxy Beam and Galaxy S Advance all appear to be affected by the bug which triggers a factory reset on your phone if your web browser is pointed to a particular website. Smartphones can also be directed to the code through NFC or using a QR code. Once the process has been initiated, users are have no way of stopping it. The hack was unveiled at the Ekoparty 2012 security conference in Argentina by Ravi Borgaonkar, a security researcher at the Security in Communications department at Technical University Berlin. ... Only Samsung smartphones running the company's proprietary TouchWiz user interface appear to be affected. According to telecoms engineer Pau Oliva, the Samsung Galaxy Nexus is not affected, as it runs on stock Android and doesn't use the TouchWiz skin on top." Hit the link above for a video demonstration.
Manufacturer's Android (Score:3, Interesting)
People still use the manufacturer's version of Android ? (Any manufacturer, not only Samsung).
It is bloated, slow, full of useless crap.
The first thing I do on any new android phone that lands in my hands is to replace the firmware with something less full of )(@#*)(#$.
Re: (Score:3)
Some people might not like voiding their warranty the day they buy their phone.
Re: (Score:2)
Some people might not like voiding their warranty the day they buy their phone.
Which is why we all make a nandroid backup before flashing a new firmware.
Re:Manufacturer's Android (Score:5, Interesting)
Some people might not like voiding their warranty the day they buy their phone.
Which is why we all make a nandroid backup before flashing a new firmware.
> Some people might not like voiding their warranty the day they buy their phone.
Manufacturers can lie about warranty-invalidation until they're blue in the face. The Magnuson-Moss Warranty Act ( http://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act [wikipedia.org] ) is a potent weapon that no manufacturer, not even Apple in their most arrogant AT&T-exclusive hissy fit, would dare to push back against because the FTC will smack them down and make a total example out of them.
Under Magnuson-Moss, a manufacturer can only deny warranty coverage if they can demonstrate that whatever the consumer did was literally the cause of the failure... and historically, the FTC hasn't made their job easy. They basically get one chance to make their case to the FTC, and if the FTC thinks the company is harassing the customer and wasting their time on a silly excuse, it will instantly smack them down and hit them with a huge fine.
If the manufacturer wanted to use "we had to reflash it via JTAG to stock" as an excuse for denying the claim or imposing a service fee, they'd have to testify that they don't routinely JTAG-reflash to stock as a troubleshooting step anyway.
If they tried to argue that you somehow triggered a condition via software that caused damage (say, setting a pair of directly-connected GPIO pins to outputs, with one high and one low), they'd still be backed up against the wall and told they were idiots for not putting a resistor between them, or at least going out of their way to make it abundantly clear to end users that custom firmware must never, ever do that specific action. In stark contrast to most consumer non-law, the FTC takes consumer rights seriously, and doesn't take crap from companies who try to wave vague disclaimers around and use them as an excuse and blanket license to run roughshod over consumers. The barrier isn't quite insurmountable, but a company that tried to fight it would have an uphill battle, and quickly discover that its usual dirty tricks weren't going to work this time around.
Companies doing dirty tricks with warranty coverage is nothing new. The same things phone manufacturers try to do today, American automakers did to our parents and grandparents openly and proudly, with a dash of extra salt to rub into consumer wounds ~30 years ago.
Magnuson-Moss is a rare gem of consumer-protection law passed by an angry congress fed up with the increasingly-bold abuses of the 3 most powerful companies in America at the time. Apple, Samsung, HTC, and Motorola might be powerful... but they're *nothing* compared to the "Big Three" American automakers circa 1975, and they know it.
Unfortunately, it's NOT against the law for a company to blatantly lie about its legal responsibilities, so companies can say anything and put all the restrictive text they want to put in their warranty descriptions. You just have to know that when push comes to shove, all you have to do is whisper the magic phrase "Magnuson-Moss" to get your complaint *instantly* escalated to the most senior manager on site and get total white-glove treatment and profuse apologies for the "misunderstanding" (inevitably blamed on the tier-1 support staff, who were just doing what the script told them to do).
Re: (Score:2)
I rooted it and replaced it with non-touchwiz ICS after a few months. It was not really that different to me.
Seems to me that slashdotters and mobile enthusiasts get upset about touchwiz at least on principle, not on any real disadvantages on it. Well... aside from the current vulnerability, so maybe they have a point. Anyway, yes, it comes with Need for speed and some other crap you didn't ask for, and yes some of it can't be
Re: (Score:2)
This bug is nasty, I installed exDialer as a workaround as explained in the XDA thread about the bug. I hope
Re: (Score:2)
The second thing I do is install Cyanogenmod. The first thing I do is make sure the device works (sucks having a new cellphone that doesn't work).
Re:Manufacturer's Android (Score:5, Insightful)
Because this is what the average person does when they buy a driod?
You have to realize...the greatest strength of Andriod is also its greatest failing. Sure, you CAN load a custom firmware...but outside of the tech circles, who the fuck actually DOES it?
Re: (Score:2)
I wish there was a more streamlined process for loading custom firmware on an Android phone. I know this is pretty unrealistic, given the number of models out there, but I can still dream, right? I loaded CM on my niece's Galaxy S, and the amount of work it took surprised me (won't list it all here, as I'm sure most people know the process better than I). Once I had it "primed", loading different firmwares was a snap, but getting it to that point was less than fun, and that's probably what stops most peo
Re: (Score:2)
I wish there was a more streamlined process for loading custom firmware on an Android phone. I know this is pretty unrealistic, given the number of models out there, but I can still dream, right?
Wasn't Ericsson doing something like this ? I remember some talks about them opening a support line and all that to make it easy for people to replace their firmware.
Re: (Score:2)
http://unlockbootloader.sonymobile.com/ [sonymobile.com]
Re: (Score:2)
You mean not everyone likes buying a product and then having to spend time fixing it before they can use it? Say it isn't so!
Re: (Score:2)
Yes, they do. About 95% of people out there would answer "yes" when internet explorer asks "Are you sure you want to install this virus?". And you expect those people to install custom firmware?
Re:Manufacturer's Android (Score:5, Informative)
People still use the manufacturer's version of Android ? The first thing I do on any new android phone that lands in my hands is to replace the firmware with something less full of )(@#*)(#$.
I hate to break it to you, but you are not representative of "people" when it comes to this sort of thing. Most people a) are perfectly happy with everything their phone does when it comes out of the box, b) don't even know they can reflash their phone and c) wouldn't have the first clue how to go about it if they did.
Re: (Score:2)
People still use the manufacturer's version of Android ? The first thing I do on any new android phone that lands in my hands is to replace the firmware with something less full of )(@#*)(#$.
I hate to break it to you, but you are not representative of "people" when it comes to this sort of thing. Most people a) are perfectly happy with everything their phone does when it comes out of the box, b) don't even know they can reflash their phone and c) wouldn't have the first clue how to go about it if they did.
Then they should be buying an iPhone.
Seriously. I'm not an apple fan boy or anything but, out-of-the-box, I find the iPhone to be better(*). The reason I own 3 Android phones and not a single iPhone is because, after I tweak it, they become faster, better and exactly how I want them to be.
* - Of course, I'm disregarding price and different hardware functions, like a qwerty keyboard. Take this as a comparison between the iPhone and an equivalent android device.
Re: (Score:1)
I disagree. Watercooler talk at my office I often hear complaints about forced bloat. There are many luddites I work with that go out of their way to root their Android phones without asking the IT department to do it for them and then hold it high and proudly announce that they've done so without bricking. And these are the types of users that have a difficult time docking/undocking a laptop ...
Re: (Score:2)
If you stick to buying a phone that has an unlocked bootloader, or one that has been cracked, then you are golden. If not, you either wait or never get the option.
And there are some phones that are never unlocked.
Good advice that ya just can't always take.
Re: (Score:2)
If you stick to buying a phone that has an unlocked bootloader, or one that has been cracked, then you are golden. If not, you either wait or never get the option.
And there are some phones that are never unlocked.
Good advice that ya just can't always take.
That is one of the things I check before buying. Turns out most phone are either unlocked or cracked. But you are correct, not all of them are, and people should be careful.
Re: (Score:2)
Almost, but not quite. There are plenty of Android phones with bootloaders that are unlocked (officially or otherwise), but are still stuck with old kernels because they depend upon binary loadable kernel modules that are not themselves open-source. Remember, Linux doesn't have a stable ABI, so loadable kernel modules ("drivers", in Windows parlance) are specific to a kernel version.
This is probably the #1 source of recurring grief at xda-developers.com. Every new version of Android ships with a new kernel
Re: (Score:2)
I had to reflash my ancient V3i today. I just love the phone, and figured I might as well give it a go since the bootloader was crapped out already, there was little to lose. So I grabbed an image (took some finding), ran the flash update software, and I've gone from Vodafone-locked and branded to completely unlocked and no branding.
If I'd thought to do that five years ago, I'd've been even happier with it than I already am.
Re: (Score:3)
Good timing, I switched my T-Mo Galaxy S2 over from a customized version of their stock rom to Cyanogenmod this morning, since I have my VoIP/Wifi calling solution tested to my satisfaction. The integrated/zero setup Wifi calling that T-Mobile offers was the one compelling feature of Touchwiz for me.
I seriously think that T-Mo should investigate moving Wifi calling back out into a standalone APK like it used to be. There are lots of folks like me who like the idea but prefer to have a non-T-Mo handset to us
Re: (Score:2)
Good timing, I switched my T-Mo Galaxy S2 over from a customized version of their stock rom to Cyanogenmod this morning, since I have my VoIP/Wifi calling solution tested to my satisfaction. The integrated/zero setup Wifi calling that T-Mobile offers was the one compelling feature of Touchwiz for me.
I seriously think that T-Mo should investigate moving Wifi calling back out into a standalone APK like it used to be. There are lots of folks like me who like the idea but prefer to have a non-T-Mo handset to use it with, but still on T-Mobile's network, which AFAICT should be the primary product.
If you are careful, you can migrate most of the native apps to the new firmware. I did it with Motorola's MotoID. Make a backup with Titanium Backup, and restore it after flashing.
Exclusive free bonus content! (Score:2)
ROOT IT!!! (Score:2)
Root your android! It will never truely be yours until you do! You can never trust it until you're certain it doesn't call home to your provider.
I have a Samsung Galaxy S2. I'm running a modified ICS spin I downloaded from xda-developers.com with GO Launcher. Touchwiz sucks.
Re: (Score:2)
Of course not. One of the requirements for buying an android phone is proving that you have the ability to put a custom version of the OS on it. Are you even seriously asking that? Whomever modded you up should be brought into the corporate offices at Digg and promptly shot.
Re: (Score:2)
People still use the manufacturer's version of Android ? (Any manufacturer, not only Samsung)
The exploit has been tested and shown to wipe a phone running Cyanogen Mod.
https://dylanreeve.posterous.com/remote-ussd-attack-its-not-just-samsung [posterous.com]
Re: (Score:2)
People still use the manufacturer's version of Android ? (Any manufacturer, not only Samsung).
It is bloated, slow, full of useless crap.
So Android phones as shipped are not fit for purpose? Doesn't surprise me.
Re: (Score:2)
Seriously, How come nobody has come up with this for IOS. Do you realize how many apple droids spend money having somebody reset their phone?
Re:Manufacturer's Android (Score:5, Informative)
I don't think he's talking about that. That's not full of crap from the manufacturer (Samsung). The Nexus devices are free of all of that crap.
The S III I bought recently got the root/CWM/AOKP treatment within the first couple hours of ownership (as soon as the kids went to bed).
Re: (Score:2)
Re: (Score:1)
Because "quite nice" is not exactly what you want your smart phone to be. Try "amazing" like iPhone.
Huh. That's one strange definition of "amazing" you've got there. I'd look up where you found that definition, but the last time I asked my iOS6 phone to look up the location of something, I wound up in southern Brazil when I was trying to get across New York City.
Re: (Score:3, Funny)
Because "quite nice" is not exactly what you want your smart phone to be. Try "amazing" like iPhone.
Amazing? You have an iPhone..... don't your type usually say "FABULOUS!"
Re:Manufacturer's Android (Score:4, Interesting)
Because "quite nice" is not exactly what you want your smart phone to be. Try "amazing" like iPhone.
Sounds like apple fanboy talk to me. A smartphone is a smartphone, the amazing should have worn off shortly after you got your first one regardless of the model.
Re:Manufacturer's Android (Score:4, Insightful)
Correct. Yay freedom!
You have the same freedom on an iPhone (Score:1, Flamebait)
[Android is] the PC reincarnated into a mobile device
Correct. Yay freedom!
You have that same freedom on the iPhone - you can jailbreak.
The difference is that the default non-technical user does not get this "freedom" without some understanding technology that enables them to properly handle the freedom they have...
People like to bring up Android as the platform of choice - but why is it not a valid choice to want a platform more secure by default, again for non-technical users?
Re:You have the same freedom on an iPhone (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It is analogous (Score:3)
You seem to think that jailbreaking to load Cydia and some pirated apps is somehow analogous to being able to reload the device with 100% open-source software from the ground up...
Why is it not? After jailbreaking you can change anything on the OS. There's no need to reload the whole thing (although that too is possible) when you can instead change any aspect of the way the system behaves.
Cydia is all about modification of system and third party apps, plus applications that Apple would not approve. And y
Re: (Score:3)
Correct. Yay freedom!
The freedom to buy a machine loaded with crapware, and then spend time getting it to a fit state to use. Yes, Android sounds very much like the PC platform.
Re: (Score:1)
Re:Manufacturer's Android (Score:5, Funny)
Everyone who uses a computer with a network interface uses a MAC.
Re: (Score:3)
Re: (Score:2)
Informative? The mods who modded "funny" get it. Hint: he's not talking about computer makes and models, he's talking about network addressing.
As Mr. Leghorn says, "It's a joke, son."
Re: (Score:2, Informative)
It's actually more like 93% and very slowly diminishing (given Apple's high costs). I suspect over time we'll also see a small percentage of people become tablet-only.
However, it's interesting to see the sentiment shift. Years ago, the assumption about PC use was that Microsoft's unfair business tactics, rather than the superiority of the platform, were what caused the dominance.
Re: (Score:1)
Steve Jobs: "You can have our devices in any configuration you want... as long as you what you want appears on this extensive, exhaustive, comprehensive list:"
1. white
2. black
Re: (Score:2)
Re: (Score:2)
"something I paid for, "
For most of us smartphone users, we haven't actually finished paying for our phone. We 'bought' them at the subsidized price, and are paying them off with a slightly inflated monthly service fee. When the contract is up, we 'paid for' them. Sort of.
Which is one reason I kept my G1 for so long...
Re: (Score:2)
We 'bought' them at the subsidized price, and are paying them off with a slightly inflated monthly service fee.
Slightly inflated? I paid $100 for my feature phone, a $50 one-time connection fee, and pay $45 per month for unlimited talk, text, email, 411, intenet, roaming, and probably one or two more I forgot about. How much is your monthly bill? I don't know anyone with an iPhone or an Android that's paying less than twice what I pay every month. I can't call >100% "slightly" inflated. In a year you've
Re: (Score:2)
Well, if you made a bad business decision, to be frank that's your problem: always compare prices.
When I got my android phone a year back I researched it extensively, and found that I'd be paying about the same for the phone if I bought it outright or got it with the contract; basically making my purchase a zero-interest loan if I got it with the contract. Since I would have the exact same contract regardless, that cost isn't a factor.
Perhaps this is unique to the Swedish marketplace, or perhaps it was just
Re: (Score:2)
Well, if you made a bad business decision, to be frank that's your problem
Agreed, that's why I'm paying $45 per month for unlimited everything.
Perhaps this is unique to the Swedish marketplace
From what I've read, all you folks in Europe are a lot luckier than us in the US when it comes to phones. You get the phones cheaper, don't get locked into a carrier, and pay far lower rates if what I've read is to be believed. It's pretty bad here in the US.
Re: (Score:2)
I'm guessing you're willing to help every hamster out there replace their stock firmware, right? Mainly because they aren't as competent as you are.
Hamsters get smartphones these days? I don't even let my dog have a phone.
Some people and their pets.
Re: (Score:3)
I don't even let my dog have a phone.
And I thought humans were the only animal to enslave their own kind.
(Note to others, check poster's name)
Sure you can stop the remote wipe... (Score:1, Funny)
Just initiate a faster local wipe before the remote wipe finishes.
An strong, nearby EMP should do the trick. If that doesn't work, a nuclear explosion close enough to vaporize the phone will.
Re: (Score:1)
Or a strong physical shock also fixes the problem. If you notice it happening, you must immediately throw the phone against another surface hard enough to physically disconnect the CPU from memory, preventing the wipe from completing. Make sure you do it hard enough the first time, because the wipe will be completed before you can pick it up and throw it again.
Oh. A web page. (Score:1)
Until I read the description, I thought they had slavishly copied Apple again [wired.com].
"Hit the link above for a video demonstration" (Score:2)
Re: (Score:2)
Re: (Score:3)
If that's what the link did, it would probably be the most impressive troll I've personally seen.
That's what backups are for (Score:4, Interesting)
Re:That's what backups are for (Score:5, Funny)
You're more likely to drop the phone in the toilet then getting hacked.
I doubt you'll get hacked after having dropped it in the toilet, and if you do you have some rather unfortunate luck.
Re: (Score:1)
Re: (Score:3, Insightful)
Release the patch soon!? Obviously, you've never tried updating an android phone :D
Re:That's what backups are for (Score:5, Insightful)
Mod Up! Carriers have no motivation to send ROM upgrades. Even if samsung makes them available, I am pretty sure the carriers would never find it worth the airtime to send you the upgrade.
Re: (Score:1)
Guess what, you're exactly right. [pcmag.com]
Shankar told Security Watch that he'd disclosed the vulnerability to manufacturers and carriers in June, and a patch for the firmware was quickly released. But to date, only Google and certain European carriers have sent an over-the-air update to device owners. Hardware manufacturers, including Samsung, have applied the update to their phones as well. So if you buy an unlocked Samsung Galaxy S III from a Samsung store today, you're safe.
"I decided to go public because everyone has the patch now, they've just been sitting on it for months," Shankar said. "It's the duty of carriers to make sure everyone's devices are safe."
Re: (Score:1)
Re: (Score:2)
Did you watch the video?
They just typed the code in manually. AFAIK this is intended behaviour.
The vulnerability was that you could accidentally trigger this through a web link. They didn't test that on 4.1.1, so we still don't really know whether it is vulnerable.
If you have physical access to the phone you could just as easily do a factory reset through the settings. You could do the same on an iPhone.
Anyone know if the 4.1.1 version can be wiped by clicking a web link? If not then I can't see what the pr
Re: (Score:2)
Huh? Samsung have already released the patch for most galaxy S3s. It was several weeks ago in my case.
http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-devices-are-not-vulnerable-to-ussd-wiping-exploit-it-was-already-fixed-in-an-update/ [androidpolice.com]
The patch came over the air and installed with the touch of an on-screen button.
Oh so difficult.
It was a pretty nasty vulnerability, but I'm glad to see it is fixed (for me anyway).
Re: (Score:1)
You're more likely to drop the phone in the toilet then getting hacked. Besides, I'm sure Samsung will release a patch soon, so no need to run to the Apple store!
If someone want's to subject themselves to apple's restrictions, I usually encourage them - it will likely be an educational experience. Moreover, they'll probably be on a long and expensive contract that they won't soon forget.
Re: (Score:2)
Educational? I would imagine that the typical usage pattern of most Android users is the same as most Apple users. That is to say, they browse the web, check email, watch the occasional video, and download apps from their respective stores. Most people could use either platform interchangeably without issue. It's those folks who like to tweak and customize that are left in the cold on Apple's devices.
I could be wrong, though. I'm not exactly researching the topic, just going by my personal observations
Re: (Score:1)
Educational? I would imagine that the typical usage pattern of most Android users is the same as most Apple users. That is to say, they browse the web, check email, watch the occasional video, and download apps from their respective stores. Most people could use either platform interchangeably without issue. It's those folks who like to tweak and customize that are left in the cold on Apple's devices.
I could be wrong, though. I'm not exactly researching the topic, just going by my personal observations.
Here's an example. I have a friend who doesn't know anything about computers.. She bought a "now that's what I call music" cd at walmart and wanted me to put it on her iphone 4s. Ripped it to mp3's and... discovered the iphone won't mount as a drive, AND if we were to install itunes on my pc and connect it, apparently it would erase all her other music from her phone. No SD card slot, so that's not an option either. It seems you have to do everything from one pc. There are more examples, but that was
Re: (Score:2)
That's a good point. I ran into the same issue when I was helping my mom with putting an audiobook on her iPhone (she had been using a nano, but left it at a hotel). The iPhone had been synced with another computer, so iTunes wanted to erase the phone. There is a solution to the problem, but it's a bit involved. Basically, you have to use a 3rd-party program to transfer the phone's (or iPod's) library to the second iTunes install, and it will let you do it. It's definitely an area Apple ought to look i
Re: (Score:2)
She has itunes.. she's already copied music from her computer to her phone so she knows how to do that. Why would you not just tell her to rip the CD in itunes:
insert CD
select tracks
click on "Import CD" button
wait..
Eject CD
It's just about as simple a process as it can get. In fact I think all the modern versions of iTunes just ask you if you want to import the CD as soon as you put one in so the above becomes:
insert CD
click OK
wait...
Eject CD
After that it's just copying the music to her phone which she alr
Re: (Score:2)
Wouldn't I be subjected to the same long and expensive contract if I bought an S3, or does Samsung provide free data plans? (You can purchase both the iPhone and the S3 no commitment)
Re: (Score:2)
Wouldn't I be subjected to the same long and expensive contract if I bought an S3, or does Samsung provide free data plans? (You can purchase both the iPhone and the S3 no commitment)
Sure, but most people go with the contract and $200 out of pocket (and usually higher corresponding airtime rates for prepaid service if I remember right) rather than laying out $600 bucks up front.
My point is that although Apple's got a reputation for being extremely easy to use, a good portion of that is not well earned. A lot of it is on account of the severe restrictions they place on paying customers. I've got several non techie friends who switched from android or blackberry to the iPhone 4s and m
Here comes the lawsuits! (Score:5, Funny)
You'd have thought Samsung would learn their lesson already. Don't they know that Apple patented remote data wipe technology years ago [macworld.com]?
=Smidge=
Re: (Score:1)
You'd have thought Samsung would learn their lesson already. Don't they know that Apple patented remote data wipe technology years ago [macworld.com]?
=Smidge=
Blackberry had that feature long before iPhone 3 came out. The article you linked doesn't mention anything about a patent, I suspect it's either not patented or rim owns it.
Link Warning (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Flashblock will fix that for you. Videos don't play until you click them.
Tested it on my phone, didn't work (Score:3, Interesting)
The problem can be avoided by using another dialer (Score:5, Interesting)
Luckily Android can be very customized and thus we can work around this.
This can be blocked if you use an alternative Dialer App.
E.g. Exdialer [google.com] (free).
Read the XDA thread [xda-developers.com] where they investigate.
"The best solution i see at the moment is to install another dialer - when you navigate to malicious page android will display "choose dialer" dialog before doing anything, and you can cancel the operation by pressing back button. Just don't check "default" checkbox." (Source [xda-developers.com]).
Of course, a confirmation dialogue should have been shown for *any* USSD codes.
To be honest, I still find it crazy that anybody can borrow a Samsung-phone and press *2767*3855# on the dialer and it would wipe it. This will probably not be fixed even if Samsung patches the dialer.
Re:The problem can be avoided by using another dia (Score:4, Insightful)
I mentioned this in another post, but the exploit was already patched a few weeks ago. Source [androidpolice.com].
Re: (Score:2)
Re: (Score:2)
Of course it's an Android problem. Samsung phones are by far the most common flavour of Android phone, and they have "Android" prominently displayed all over the place.
If Google doesn't want manufacturer or carrier screwups to reflect badly on Android then they need to be more careful about licensing use of the brand.
Apple Iphone 5s feature? (Score:1)
What the hell, ibtimes.co.uk? (Score:3)
Re: (Score:2)
Really? (Score:2)
This was already fixed (Score:5, Informative)
Most Galaxy S III Devices Are Not Vulnerable To USSD Wiping Exploit: It Was Already Fixed In An Update [androidpolice.com]
mod parent up (Score:2)
nt
Re: (Score:2)
Did you watch the video?
There's no indication that the 4.1.1 version has the vulnerability. Typing the number into the dialer is the intended way to do it. The issue was in being able to launch the dialer and dial the number after clicking a web link. People with fixed phones have said that the web link just opens a blank dialer.
It's possible that 4.1.1 has not been fixed, but they did not test it correctly.
What they did is hardly a problem, since if you had physical access to the phone you could factory re
Apple (Score:1)
The question is what Apple will say about this feature.
Now...a backup (Score:1)
users are have no way of stopping it? (Score:1)
No way of stopping it eh? (Score:2)
What, if I yank the battery and then put it back and start up, it will resume the process? Granted you'd probably have to be super fast for that to help, but still...
Not a Touchwiz- or Samsung-specific problem (Score:3)
Exploit works on non-Samsung phones too.
https://dylanreeve.posterous.com/remote-ussd-attack-its-not-just-samsung [posterous.com]
Here is a better URL for the video (Score:2)
um... (Score:2)
take out the battery?