Android obliterate on cards with new vulnerability

It appears there is yet another threat to the Android operating system out there, this time bringing the risk of wiping data, including contacts, photos or music or disabling the smartphone due to a security flaw that was found several months ago, but has apparently gone unnoticed since then.

According to an article over on the Huffington Post, computer security researcher Ravi Borgaonkar said in his blog on Friday that if you click on a link or mobile app embedded with malicious code it can trigger an attach that is capable of destroying the memory card in Android devices that have been manufactured by Motorola, HTC, Sony and Samsung.

Whilst another malicious code can erase data by performing a factory reset, but this only seems to target newly released, top selling Samsung smartphones such as the Samsung Galaxy S3.

Apparently Borgaonkar told Google about the vulnerability back in June, and a fix was issues quickly however the public wasn’t told, and thus leaved handset owners largely unaware of the problem and just how they could fix it.

Apparently Samsung has said that only early production models of the Samsung Galaxy S3 were affected, whilst a software update has been pushed out for that handset, and Samsung is conducting an internal review to determine if other devices are affected, and if so, what action is required.

Samsung is advising their customers to check for software updated through the ‘Settings: About devices: Software update menu available on Samsung handsets. Whilst the word is Google has declined to comment on the matter.

According to the researcher, the bug takes advantage of the phone’s functions that allow them to dial a number directly from a web browser, and the SIM can also be destroyed remotely in the same way, with Borgaonkar writing, “Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click. After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card.”

Live Comment

Your email address will not be published.