AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


BYOD Security: Most Samsung Phones Currently Vulnerable To Remote Wipe Hack

While giving a presentation at a security conference in Argentina, a German researcher showed how Samsung smartphones running Google Android (and only Samsung ones) could be forced to perform a factory reset, wiping the handsets' contents, just by visiting a malicious site.  This is more than a smartphone security issue, though: it's a story that shows how BYOD security can be brought to a screeching halt by slow-moving parties.

Samsung Touchwiz at Heart of Problem

It should be noted that the hack only affects Samsung smartphones, but not all Samsung smartphones.  At the core of the problem is Samsung's Touchwiz user interface.  Apparently, it's been set up so that it automatically runs a USSD code for a factory reset.  As far as I can tell, pcmag.com has the best description of what's going on:

On Tuesday, researcher Ravi Borgaonkar demonstrated how he wiped out a Samsung Galaxy SIII simply by opening a website containing an HTML tag for a call function, and replacing the telephone number with the USSD [Unstructured Supplementary Service Data] code for a factory reset. USSD codes are commands that are executed by entering them in your keypad—for instance if you dial #*#INFO"*" you can access certain menu settings. For every Samsung phone running Touchwiz, there's a unique set of USSD codes that performs various commands.

The problem appears to lie within both the Samsung dialer and Touchwiz's stock Android browser. Unlike most dialers, Samsung's automatically makes the call while others still require the user to hit "send."
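A defender-side check for the mechanism described above, as an added example that is not from the original post or from pcmag.com: it scans a page's HTML for tel: URIs whose dial string contains * or #, the characters that distinguish a USSD/service code from an ordinary phone number. The function names and the sample page are assumptions; *#06# (the standard "show IMEI" code) is a harmless constructed stand-in.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample page. *#06# is the standard "show IMEI" code, used here
# as a harmless stand-in for a service code; it is not taken from the article.
SAMPLE_HTML = """
<p><a href="tel:+1-555-555-0100">Call support</a></p>
<p><a href="tel:*%2306%23">Click here</a></p>
<p><a href=" TEL:&#42;%2306%23">Free ringtone</a></p>
<p><a href="https://example.com/?q=tel:*1">Ordinary link</a></p>
"""


def service_code(value):
    """Return the decoded dial string if value is a tel: URI containing '*' or '#', else None."""
    # Browsers ignore tabs/newlines inside URLs and whitespace around them.
    uri = re.sub(r"[\t\r\n]", "", value).strip()
    if not uri.lower().startswith("tel:"):
        return None
    dial = unquote(uri[4:])  # %2A -> '*', %23 -> '#'
    return dial if ("*" in dial or "#" in dial) else None


class TelCodeFinder(HTMLParser):
    """Collects (tag, attribute, dial string) for every attribute carrying such a URI."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references (&#42; -> '*').
        for name, value in attrs:
            dial = service_code(value or "")
            if dial is not None:
                self.findings.append((tag, name, dial))


def scan(html):
    finder = TelCodeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for tag, attr, dial in scan(SAMPLE_HTML):
        print(f"<{tag} {attr}> dials service code {dial!r}")
```

Every attribute of every tag is checked, so the result does not depend on which element carries the URI; the ordinary phone link and the https link in the sample are not flagged.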

The Fix: Already Here

A quick "fix," according to a comment I've read, is to have two dialers on the phone.  This way, Android will always prompt which one to use, interfering with the autodial aspect.  However, a hack to the hack should not be necessary because the vulnerability was disclosed "to manufacturers and carriers in June, and a patch for the firmware was quickly released," according to pcmag.com.

So, technically, the screw-up is not with Samsung.  In fact, it was confirmed by TeamAndIRC via Twitter that "the USSD code issue in the SGS3 is patched, and has been for some time. Current i747 and i9300 firmware are not vulnerable."  This means that the Galaxy S III on AT&T and the European Galaxy S III are not vulnerable at the time the news is making its way via the internet, and confirms the presence of a fix.

What's keeping the other carriers?  It might be Samsung's vulnerability, but it feels like the carriers' screw-up.

I don't get it.  BYOD promises to be the next big trend in business, which means that it will push more people towards adopting smartphones.  Hardware manufacturers are obviously salivating over the possibilities, but so, too, must be the carriers.  Why are they working arduously to hamstring themselves by letting easily fixable things like these fester?


Related Articles and Sites:
http://securitywatch.pcmag.com/none/303097-dirty-ussd-hack-wipes-samsung-phones-is-yours-vulnerable
http://www.cnet.com/8301-17918_1-57519690-85/multiple-samsung-handsets-vulnerable-to-remote-wipe-hack/
http://androidcommunity.com/some-samsung-handsets-vulnerable-to-factory-wipe-hack-20120925/

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.