As you may have heard by now, a serious security vulnerability was recently discovered that could wipe everything off of some Samsung phones. Although Samsung issued a patch for the Galaxy S III, it turns out it's not just Samsung devices that are affected. Here's how to find out if your Android device is vulnerable.
TV editor and geek Dylan Reeve explains in detail how the remote USSD attack works. Essentially, some phones support special dial codes called USSDs (e.g., dialing *#06# to display the phone's IMEI number). Through malicious links in a website, SMS, NFC beam or QR code, hackers can perform a factory reset on your phone, lock the SIM card, and more?without warning.
If you have a Samsung Galaxy S III, update your device, because Samsung has issued a patch for this. The company is apparently working on fixes for its other TouchWiz devices, but in the meantime Samsung device owners might be able to avoid the vulnerability by switching off Samsung's Service Loading feature under settings.
Reeve has put together a web page where you can check if your phone is vulnerable to this remote wipe threat: http://dylanreeve.com/phone.php. Visit that page on your Android device, and if your phone is vulnerable, you'll immediately see your phone's IMEI number pop up.
I confirmed this with my Samsung Galaxy S II and an HTC Sensation. Other phones that appear to be affected include the HTC One X, Motorola Defy, Sony Experia Active, Sony Xperia Arc S, and the HTC Desire.
If you are vulnerable, you should look for the latest updates for your device. (You can force your device to check ahead of schedule.) Reeve also suggests you install another dialer, such as Dialer One so that a "Complete action using" prompt will show up if a website tries to hack your device. Other advice from users at XDA Developers is to use an alternative browser other than the stock one.
Two apps have also been developed to protect against the vulnerability: Auto-reset blocker and TelStop.
Finally, as always, avoid clicking on any unknown links.
USSD Exploit Test | Dylan Reeve via The Next Web
cm punk cm punk lint buenos aires train crash presidential debate argentina train crash nancy pelosi
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.