Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Android Security Cellphones Operating Systems Privacy Software Technology

Remote Attackers Can Force Samsung Galaxy Devices Into Never-Ending Reboot Loop (helpnetsecurity.com) 71

Orome1 quotes a report from Help Net Security: A single SMS can force Samsung Galaxy devices into a crash and reboot loop, and leave the owner with no other option than to reset it to factory settings and lose all data stored on it. This is because there are certain bugs in older Samsung Galaxy phones and tablets that can be triggered via SMS, and used by attackers to force maliciously crafted configuration messages onto the users' device. The bugs allow these types of messages to be executed without user interaction. As the ContextIS researchers who discovered the vulnerabilities explained, this avenue of attack can be abused by crooks to hold users' devices for ransom. "First a ransom note is sent, if ignored then the malicious configuration message can be sent," they noted. If the victim pays up, a configuration message can later be sent to stop the rebooting. The vulnerabilities in question, CVE-2016-7988 and CVE-2016-7989, can be triggered through SMS on the S4, S4 Mini, S5 and Note 4, but not on newer Samsung devices. "It's worth noting that although newer phones such as the S6 and S7 aren't affected over the air, [a similar result] could be accomplished by a malicious app abusing CVE-2016-7988," they added. These specific issues are related to modifications Samsung made to to the Android telephony framework and are found in a Samsung-specific application for handling carrier messages. They've since been patched (November 2016).
This discussion has been archived. No new comments can be posted.

Remote Attackers Can Force Samsung Galaxy Devices Into Never-Ending Reboot Loop

Comments Filter:
    • Now just someone has to get near to the white house and erect a cell with excellent receptional quality that exposes some baseband bug of that phone...

      Extra points if you manage to provoke a nuclear strike with solely one tweet.

  • by Beamer145 ( 948545 ) on Saturday January 28, 2017 @05:24AM (#53753861)
    "leave the owner with no other option than to reset it to factory settings" vs"configuration message can later be sent to stop the rebooting" -> Why not just publish the config message then so the attack becomes useless ?
    • by Anonymous Coward

      Do you need a hint... that was slashdot posting a warning to all galaxy devices to be prepared. Next post will explain the unlock procedure to those who paid.

    • Or, alternatively, upgrade from your Android Hedgehog.
    • by Anonymous Coward

      If the victim pays up, a configuration message can later be sent to stop the rebooting.

      So why can't you just call Samsung and have them send the "configuration message" that fixes the problem? Sounds like Samsung is hoping people will just give up and buy a new phone.

    • I'm curious. Does this attack really work? Does the defense really work?

      If the researchers have an effective attack AND an effective defense why not release both so that we can try it? Aren't there some Samsung users out there (okay all of them) that you'd like to annoy?

      (Sorry, but with the way things are going, being sociopathic is now in vogue)

  • by DeplorableCodeMonkey ( 4828467 ) on Saturday January 28, 2017 @05:33AM (#53753875)

    When a product can be literally rendered unusable through this level of epic fail, it stands to reason that the product was so defective that the customer could not rely on it. Warranty period or not, this is the sort of thing that the government should say "it should never have been built this way, fix it" since we're not talking about the S1 here.

    • by SeaFox ( 739806 )

      Warranty period or not, this is the sort of thing that the government should say "it should never have been built this way, fix it" since we're not talking about the S1 here.

      A way of changing device configuration that cannot be stopped by the user... sounds like what the government wanted from Apple so they could brute-force the passcode for locked devices.

    • by AmiMoJo ( 196126 )

      It's been patched. Maybe they could offer free recovery but it seems like no one has actually been affected.

      • It's been patched.

        [Citation needed]

      • Considering that most (all except Google's?) devices are not allowed to receive updates except once they've been vetted by their cell phone carrier, how can this have been patched? I thought a lot of the carriers stopped offering updates on devices more than one or two generations old

        Anyway, why don't we test it? Post THE ATTACK and see if any devices are still affected :)

        • by AmiMoJo ( 196126 )

          Every Google phone I've ever owned has been unlocked and pure Google. Updates over the air, immediately upon release. I switch carrier regularly too to get the best deal, they never complained or even asked what phone I had.

        • by Anonymous Coward

          I think that's primarily a USA problem; at least here in the Netherlands (or even the rest of the world? yeah, citation needed), carrier-enslaved phones are much less common.

    • Warranty period or not, this is the sort of thing that the government should say "it should never have been built this way, fix it" since we're not talking about the S1 here.

      Yes we need the government to tell a company to fix a problem that they have fixed before the bug was even published, that'll teach them for being ... errr on reasonable time ... next time. ... Wait what?

  • In this day of clouds who actually loses data in a factory reset?

    Seriously if you tick yes to all the default options when setting up the phone you'll end up with something that synchronises all your pictures and videos to dropbox, all your contacts to google, all your app settings and health stats to Samsung, and anyone else who wants to manage data for you. What'sApp are stored on the servers, Facebook doesn't store anything locally, and vast majority of the other apps just access shit online. Even games

    • by Alumoi ( 1321661 )

      In this day of clouds who actually loses data in a factory reset?

      Anybody who values his/her privacy and who doesn't bother with local backup?

      • So no one then? At least not smartphone users.

        • So no one then? At least not smartphone users.

          Can you imagine the porn on those cloud backup servers? At least it gives the IT guy at HQ some stuff to look through during breaks.

    • I certainly have. A day's data with calendared applications, or newly stored passphrases, can be an expensive loss.

    • Android is fairly crap at bluetooth. They still don't even support pinless pairing! I followed a bug report filed during GINGERBREAD about this. It's still active. People are still posting to it, complaining that this basic functionality is not supported.

      • They still don't even support pinless pairing!

        That's because pinless pairing doesn't exist in the spec. It was a quirk of people who abused the Bluetooth 2 spec which *required* a pin code. Any device which supports Bluetooth 2.1 or later can pair via SSP and not need a pin code, this works just fine in Android. Any device with Bluetooth 2 or earlier which doesn't specify a pin code is effectively in breach of the spec. Many devices got around this by hard coding 0000 or 1234 into the device itself.

        In short, not an Android bug, it's a shit vendor made

        • In short, not an Android bug, it's a shit vendor made a shit product bug, and you'll find forums full of the same garbage about people trying to pair with mac, linux and windows too, interestingly most of them often pointing to the same device as the problem.

          It works fine when implemented, there's no reason not to allow it, the users clearly want to see it a lot more than they want to see things that Google has actually implemented. Why should I throw away a perfectly good bluetooth GPS just because Google doesn't want to support some reasonable functionality?

          • Yeah I guess I could make two devices pair by having one send out a random shout of "boo" and the other one replying "aaah". That would work fine too, and is equally not part of the Bluetooth spec.

            The users should tell the companies to go fuck themselves and stick with the established standards rather complaining that Google doesn't support something that isn't part of the spec.

            You should throw away your bluetooth GPS because it clearly got it's bluetooth certification in cereal box. Note I omitted the word

    • In this day of clouds who actually loses data in a factory reset?

      Seriously if you tick yes to all the default options when setting up the phone you'll end up with something that synchronises all your pictures and videos to dropbox, all your contacts to google, all your app settings and health stats to Samsung, and anyone else who wants to manage data for you.

      No thanks. I have a good local backup that can restore the entire system, including the OS and programs, and complete control over what gets backed up or synced. Any time you allow someone else to "manage" your data, you put it at risk. Anyhow, if a person is okay with that, fine. But I go through a lot of temporary data that I just don't want backed up at all, so I need to exclude it from the hourly backups. So admittedly my needs might be a little different than the average schmoo, but even if I didn't ha

      • Any time you allow someone else to "manage" your data, you put it at risk.

        Risk is a metric that takes into account the consequence of a data breach. I'm not some CIA spy. I'll happily tell you any phone number in my phone book and show you any picture I've taken on my phone. My most recent message in WhatsApp is from Rebecca asking me to bring some onions and some tomato concentrate, and the one before that is that the running club was cancelled last Wednesday. My heart rate averaged 65bpm resting and I clocked an average of 9000 steps. I also took a photo of a windmill today and

        • You have the Risk that you don't get your phone numbers back, lose the photos you mentioned and never will know your heart beat at that time again ...

          That was pretty obvious, why did you ask?

        • Risk is a metric that takes into account the consequence of a data breach. I'm not some CIA spy. I'll happily tell you any phone number in my phone book and show you any picture I've taken on my phone. My most recent message in WhatsApp is from Rebecca asking me to bring some onions and some tomato concentrate, and the one before that is that the running club was cancelled last Wednesday. My heart rate averaged 65bpm resting and I clocked an average of 9000 steps. I also took a photo of a windmill today and one of a funny street sign yesterday.

          How much at risk am I?

          Ahhh, good citizen, it looks like you half nussing to hide! Veddy good, veddy good indeed, Ve need mur citizens like you.

          All joking aside, if a person who doesn't do anything but surf Facebook, and collect doggo pix play, Candy Crush, maybe catch the wife taking a shower now and again and get pix when he's feeling frisky - yeah, there isn't a big need to have multi TByte drives sitting around backing up their data, no need for imaging.

          And that's great.

          I deal in a lot of communications, hundreds of e

          • it looks like you half nussing to hide

            No I have plenty to hide. I'm just not stupid enough to hide it on my phone.

  • Is either main version of the Galaxy SIII vulnerable? I'm still running one of the old girls...
  • by Provocateur ( 133110 ) <[shedied] [at] [gmail.com]> on Saturday January 28, 2017 @08:09AM (#53754097) Homepage

    At least it's not going to explo

  • It is not infinite - it gets interrupted when the phone explodes - this is a Samsung phone that we are talking about.
  • They're features. For their blackhat user base.
  • These specific issues are related to modifications Samsung made to to the Android telephony framework and are found in a Samsung-specific application for handling carrier messages.

    Good thing they didn't use the stock Android functionality. Almost makes me agree with the conspiracy guys saying this was the government mandated backdoor.

  • Is that a feature or a bug?
  • Does this attack work on Cyanogen too?

You know you've landed gear-up when it takes full power to taxi.

Working...