VIDEO: Samsung Galaxy SII vulnerable to complete data loss by clicking one link

At a recent Security Conference in Buenos Aires, Telecommunications researcher Ravi Borgaonkar demonstrated a very simple yet unprecedented vulnerability in some Samsung mobile phones, which, when implemented would result in a complete factory reset of the phone – and loss of all data. EFTM has conducted our own tests and we have the video to prove it.

The vulnerability uses a Telco carrier connection code (USSD) to perform the factory reset, and while it’s something that almost any Android phone could be subject to, normally it would require the user to perform an action, such as clicking a button.

But because of the added layer of software Samsung has built into some of its phones, this USSD code can be “dialled” automatically by the phone, and in the process, the phone is reset.

Here’s how it works.

The attacker, places a very simple line of code into a web page. If you had the address of the page and visited it, your phone would reset. But why would you go to such a page?

Well, imagine you got a direct message on Twitter, or a Facebook message from a friend saying “Wow, this is such an awesome video, check it out http://etcetcetc.etc”. You think “Okay, right, that sounds good” and you click. Hey presto, you’ve visted the site and your phone is turning itself off and wiping all your data.

You didn’t realise your friend’s Twitter or Facebook account was compromised, and it wasn’t really your friend sending that message. We’ve all seen these types of attacks before.

This code could be built into an existing page, so you might be visiting a legitimate looking site only to have the same thing happen.

As Ravi explained in his presentation, this could also occur via tap and go transmission of a web address (NFC) or by QR code as I’ve demonstrated below.


Recent Posts

  • Tech

Samsung Galaxy Unpacked announced for July 22 – new foldables and wearables incoming

Samsung have announced their next hotly anticipated Galaxy Unpacked event will take place in London…

17 minutes ago
  • Tech

Telstra Network down – Users experiencing issues across Telstra and Sub-brands Boost and Belong

Some Aussies are waking up this morning to zero bars of coverage on the Telstra…

3 hours ago
  • Tech

Nothing Ear (3a) Review: Vibrant Colors Meet Innovative On-Board Recording

Alongside the all-new Phone (4b), Nothing have also launched their latest pair of earbuds with…

14 hours ago
  • Tech

Nothing Phone (4b) Review: All-day power on a budget

Tech company Nothing has already unveiled their Phone 4a series this year, with the very…

14 hours ago
  • Lifestyle

The changeover of financial years can be a stressful time – Scammers know that

It's that time of year where its out with the old and in with the…

15 hours ago
  • Tech

The EFTM podcast – Talking TVs with Hisense and giving to Margaret for her nursing home songs!

This week we reconnect with Margaret who has been writing songs for Nursing home residents…

20 hours ago