Newly discovered Android security flaw can delete all data

In a rather shocking revelation, a researcher with the telecommunications department of the Technical University of Berlin exposed a serious security loophole in Samsung Android smartphones. At the Ekoparty Security Conference in Argentina, Ravi Borgaonkar revealed that the security flaw makes it possible for hackers to access data stored in the phone by simply sending an SMS or by prodding the user to visit a suspicious URL.


The report shares that all mobile phone manufacturers employ special USSD codes, which users can type on the dialpad, to access support over the phone. “One such code - *#06# - is used to display a phone's IMEI number on the screen. Another code resets the phone,” added the report. Here, Borgaonkar pointed out that it was possible to create a website with the reset code embedded in it. When a user visits a URL with the reset code for Samsung (*2767*3855#) embedded in it, the code is automatically executed and wipes all data from the phone.
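From the defender's side, a page can be checked for embedded dial codes before it reaches a handset. The scanner below is an added example, not code from the report or from Borgaonkar's test site. It assumes the code is carried in a tel: URI (the article does not say how it is embedded), and its tag list, function names and sample page are constructed for illustration; the sample uses only the IMEI display code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

AUTO_LOAD = {"iframe", "frame", "embed", "object", "img", "script"}  # fetched without a click
URL_ATTRS = ("src", "href", "data")
# USSD/MMI-style string: starts with * or #, digits/*/# inside, ends with #.
MMI_CODE = re.compile(r"^[*#][0-9*#]*#$")


def dialed_code(url):
    """Return the dial string if url is a tel: URI carrying an MMI-style code.

    Assumption: dial codes reach the phone as tel: URIs (not stated in the article).
    """
    url = unquote(url.strip())  # '#' is usually written as %23 inside a URL
    if not url.lower().startswith("tel:"):
        return None
    number = re.sub(r"[\s\-().]", "", url[4:])
    return number if MMI_CODE.match(number) else None


class TelCodeScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, code, needs_click)

    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        urls = [attrs[a] for a in URL_ATTRS if a in attrs]
        auto = tag in AUTO_LOAD
        # <meta http-equiv="refresh" content="0;url=..."> also loads unprompted.
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(.+)", attrs.get("content", ""), re.I)
            urls, auto = ([m.group(1).strip("'\" ")] if m else []), True
        for url in urls:
            code = dialed_code(url)
            if code:
                self.findings.append((tag, code, not auto))


def scan(html):
    scanner = TelCodeScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed sample page; uses only the harmless IMEI display code.
SAMPLE = """<html><body>
<a href="tel:+15550100">Call support</a>
<a href="tel:*%2306%23">Show IMEI</a>
<iframe src="tel:*%2306%23"></iframe>
</body></html>"""
```

Calling `scan(SAMPLE)` returns one finding for the link (a click is required) and one for the iframe (loads automatically); the ordinary phone-number link is ignored.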


On gaining access to the phone, a hacker could misuse it by getting a user to scan a malicious QR code or by sending him or her a malware-ridden SMS or NFC transmission. Quoting Dylan Reeve, a TV editor in New Zealand who has worked in IT in the past, the report adds that millions of Samsung devices would be hit by this serious security loophole.



New security flaw makes Samsung phones vulnerable to USSD attacks (Image credit: Getty Images)



Borgaonkar has recommended that Samsung users check whether their mobiles have been affected by using a test website that he developed. 


This threat is grave because users stand the risk of losing all their precious data. Hence, those who do not have a data back-up should treat it seriously. Quoting a section from the Sydney Morning Herald, the report adds that according to Australian security experts, “the flaw is a 'wake up call' for mobile users who didn't back up their smartphones”.


As per a recent survey by Norton, while 60 percent of Indians agreed that mobile threats are real, roughly 38 percent of the mobile phone users in the country do not have password protection on their phones -- a gaping hole in the belief that mobile security is treated with utmost seriousness. Common knowledge says that a password-protected phone can go a long way in protecting the owner's personal information, should he or she lose the device. Strangely, 17 percent were unaware that they could remotely track their phones using GPS navigation software.


A new report from Juniper Research found that only 5 percent of smartphones and tablet devices globally come with security software installed, and this, despite the steadily increasing threat from malware, fraud and device theft.


The report forecasts that both corporate and personal users will begin to recognise the need to protect their data and that the demand for mobile security products will increase over the next five years. Projecting the increase and putting it in perspective, the report adds that it will go up to a point where one in five mobile devices will be protected by third party security software.



Published Date: Sep 28, 2012 10:45 am | Updated Date: Sep 28, 2012 10:45 am