VIDEO: Samsung Galaxy SII vulnerable to complete data loss by clicking one link

At a recent Security Conference in Buenos Aires, Telecommunications researcher Ravi Borgaonkar demonstrated a very simple yet unprecedented vulnerability in some Samsung mobile phones, which, when implemented would result in a complete factory reset of the phone – and loss of all data. EFTM has conducted our own tests and we have the video to prove it.

The vulnerability uses a Telco carrier connection code (USSD) to perform the factory reset, and while it’s something that almost any Android phone could be subject to, normally it would require the user to perform an action, such as clicking a button.

But because of the added layer of software Samsung has built into some of its phones, this USSD code can be “dialled” automatically by the phone, and in the process, the phone is reset.

Here’s how it works.

The attacker, places a very simple line of code into a web page. If you had the address of the page and visited it, your phone would reset. But why would you go to such a page?

Well, imagine you got a direct message on Twitter, or a Facebook message from a friend saying “Wow, this is such an awesome video, check it out http://etcetcetc.etc”. You think “Okay, right, that sounds good” and you click. Hey presto, you’ve visted the site and your phone is turning itself off and wiping all your data.

You didn’t realise your friend’s Twitter or Facebook account was compromised, and it wasn’t really your friend sending that message. We’ve all seen these types of attacks before.

This code could be built into an existing page, so you might be visiting a legitimate looking site only to have the same thing happen.

As Ravi explained in his presentation, this could also occur via tap and go transmission of a web address (NFC) or by QR code as I’ve demonstrated below.


Recent Posts

  • Tech

Arlo launches intelligent pan and tilt cameras as part of complete range refresh

The entire Arlo smart home security camera range is getting a refresh with new features,…

1 hour ago
  • Tech

Corsair announce the Vanguard 96 mechanical gaming keyboards with integrated LCD screen and Elgate Stream Deck

Corsair has announced the new VANGUARD PRO 96 Hall Effect Gaming Keyboard and VANGUARD 96…

3 days ago
  • Tech

Swann announces 2 new cameras in their EVO range

Swann has announced two additional cameras in their popular EVO range. The EVO Wireless 2K…

3 days ago
  • Tech

Anker SOLIX has a new battery-powered portable electric cooler just in time for camping season — the Everfrost 2

Anker SOLIX has announced the Australian launch and availability of the portable electric cooler, the…

3 days ago
  • Tech

Australian pricing announced and pre-orders open for ROG Xbox Ally and ROG Xbox Ally X

After announcing the new ROG Xbox Ally and ROG Xbox Ally X gaming handhelds back…

3 days ago
  • Product News

Samsung Launches Expanded Galaxy Line-Up in Australia covering wearables, phones and tablets

Samsung has announced a new suite of devices heading to Australia from today, expanding their…

3 days ago