Tuesday, September 25, 2012
[Update: Not Just Samsung] Exploit Could Force Factory Reset On Many Android Phones
Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time. More recent versions of Android avoid the wipe issue, but unpatched devices (like some Samsung phones) may still be vulnerable.
Ouch. This is not the type of PR Samsung needs right now. Apparently a new vulnerability has been found that can force a factory reset with zero user interaction on many Samsung phones running TouchWiz. The bug is found within the stock TW browser, which allows direct execution of dialer codes like the one used for this exploit. This code is easily embedded into HTML, so one tap of a malicious link will reset the phone instantly. Other browsers, like Chrome, Dolphin, etc. aren't affected, so we highly recommend switching if you've been using the stock TouchWiz browser.
At this time it's unclear exactly how many Samsung phones are affected, but so far users have been able to reproduce the issue on the Galaxy S II (assume all variants), the Galaxy S Advance, Galaxy Beam, and Galaxy Ace, among others. From what we're hearing, the international GSIII variant should be unaffected, and the AT&T version was updated with a patch for this very exploit last week. It's unknown at this time whether or not the Sprint, Verizon, and T-Mobile variants are susceptible.
We'll keep you updated as more information comes to light.
source
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment