Jump to content


Samsung 'reset' vulnerability discovered - be careful out there!

- - - - -
Started by PaulOBrien , Sep 25 2012 02:48 PM

  • Please log in to reply
12 replies to this topic

#1
PaulOBrien
Posted 25 September 2012 - 02:48 PM

PaulOBrien

    It's My Party

  • Founder
  • PipPipPipPipPipPip
  • 35,530 posts
  • Gender:Male
  • Location:Norwich, UK
  • Devices:All the Nexus!
  • Twitter:@paulobrien
A vulnerability has emerged, courtesy of long time Android hacker Pof, which provides the potential for a Samsung handset to be hard reset just by visiting a page containing a specific piece of HTML. Erk!

The issue, which uses HTML to tell the device to run the reset code, applies to the stock Android browser but not to Chrome, so if you are on ICS upwards I would strongly recommend you avoid using the regular browser should your device be vulnerable.

The exploit has been confirmed working on a large number of Samsung devices (including some software releases on the Galaxy S III). You can test if you're vulnerable by crafting as a page shown below but, well, you're potentially gonna blow away your device in the process. :)

Additional USSD codes could potentially also be triggered doing further mischief on your device so it is quite a nasty issue and one that Samsung are apparently looking into now - we'll update the topic as further information becomes available.

Posted Image


Click here to view the item

You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.

Posted Image

#2
artesea
Posted 25 September 2012 - 04:30 PM

artesea

    Regular

  • Members
  • PipPip
  • 53 posts
  • Gender:Male
  • Devices:Samsung Galaxy S II
  • Twitter:@artesea
Just wondering, but if you had an app watching for a TEL: intent, possibly with a warning if it was a USSD command which then said do you wish to continue be possible?

#3
PaulOBrien
Posted 25 September 2012 - 08:16 PM

PaulOBrien

    It's My Party

  • Founder
  • PipPipPipPipPipPip
  • 35,530 posts
  • Gender:Male
  • Location:Norwich, UK
  • Devices:All the Nexus!
  • Twitter:@paulobrien
That might work...

P

You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.

Posted Image

#4
subzer0wbb
Posted 25 September 2012 - 08:44 PM

subzer0wbb

    Newbie

  • Members
  • Pip
  • 42 posts
  • Gender:Male
  • Devices:SGS3, OSD
what about firefox?

#5
Hogweed
Posted 25 September 2012 - 10:00 PM

Hogweed

    Diehard

  • Members
  • PipPipPipPip
  • 392 posts
  • Devices:Huawei Ascend G300
Just install something like "Dialer One" from  Play Store. That will then  become an alternative "tel" protocol handler and you will be prompted for handling app first if you haven't set a default. Also Dialer One isn't vulnerable and will require the user to confirm anyway unlike the stock dialler which just goes ahead with no user confirmation or prompting. Other Dial apps can also be installed.

Has been discovered that Huawei G300 on GB and ICS ROMs is vulnerable to the USSD attack. Not known if it has a "self-destruct" code yet though. See thread (including more details on workaround) at http://www.modaco.co...-vulnerability/

Edited by Hogweed, 25 September 2012 - 10:10 PM.

#6
tsutton
Posted 26 September 2012 - 07:47 AM

tsutton

    Need answers? Use the search feature. :)

  • Moderator Team
  • PipPipPipPipPipPip
  • 2,223 posts
  • Gender:Male
  • Location:Near Norwich, UK
  • Devices:Galaxy S2/HD2 (Andriod)
  • Twitter:@tony_sutton
Latest news is saying that this has "already been fixed in latest version"

- Tony Sutton
- My Ford Focus ST170 car | My Car's Dashcam Video

#7
CIM1
Posted 26 September 2012 - 10:30 AM

CIM1

    Newbie

  • Members
  • Pip
  • 46 posts
not just samsung apparently?

#8
PaulOBrien
Posted 26 September 2012 - 10:45 AM

PaulOBrien

    It's My Party

  • Founder
  • PipPipPipPipPipPip
  • 35,530 posts
  • Gender:Male
  • Location:Norwich, UK
  • Devices:All the Nexus!
  • Twitter:@paulobrien
Yeah, concerning! :blink:

P

You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.

Posted Image

#9
Colossae3.23
Posted 26 September 2012 - 12:08 PM

Colossae3.23

    Addict

  • Members
  • PipPipPipPipPip
  • 572 posts
  • Gender:Male
  • Location:South Wales
  • Devices:Huawei Ascend G300
there's an app for that :-)

https://play.google.....telstop&rdot=1

Thanks to Cyda, for the heads up

#10
moochermick
Posted 26 September 2012 - 11:43 PM

moochermick

    Regular

  • Members
  • PipPip
  • 54 posts
  • Devices:Huawei g300
other browsers tested same result.
http://securitywatch...d-hack-now-what

#11
t0mm13b
Posted 28 September 2012 - 08:03 PM

t0mm13b

    Hardcore

  • MoDaCo Ad Free
  • PipPipPipPipPipPip
  • 1,775 posts
  • Gender:Male
  • Location:Ireland
  • Devices:GT-S8500,Zte Blade,SE ST15i
  • Twitter:@t0mm13b
https://gist.github.com/3801768 is the change to block/defeat the exploit :)

try{ not_laugh; }catch{ FAIL; }finally{ laugh; }

#12
Colossae3.23
Posted 01 October 2012 - 01:13 PM

Colossae3.23

    Addict

  • Members
  • PipPipPipPipPip
  • 572 posts
  • Gender:Male
  • Location:South Wales
  • Devices:Huawei Ascend G300

t0mm13b, on 28 September 2012 - 08:03 PM, said:

https://gist.github.com/3801768 is the change to block/defeat the exploit data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAMAAAC6V+0/AAAABGdBTUEAANbY1E9YMgAAAiJQTFRFV0AI////V0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIV0AIW0IIV0AIW0IIW0QJW0IIV0AIV0AIV0AIQzQQa0oJbEwJbVELbk4Kb0wJb1QMcVILc1cMlF8Ll2oNmXEQnn8Vo2gLpGgLpGoMpW8NpXEOp3YQq4MUrH0Rro0Xr4QUsI4XsZAYuXQNwIkSwI0VyIAOyocQyqcdy4QQzosS1Kod1rIf3ZMS3ZUT3a8c3o4Q3rcf4ZER5JUR5ZYS5ZgS5aIW55wT554U6KkZ6qQV6qUW6qYW6qcX66gW7Lsf7a0X7a0Y7a8Z7bEb7rAY7rEY7rMa7rMb77EY77Ma77QZ77cd77oc8bgb8bkb8bob8b4f8cUh8skh87wb870c88If88kk89Im9Mwl9cMd9cch9sUe9scf9sgg9skh9swi9swk98og988k99Mm+c8h+dMk+dYm+9Mh+9Mi+9Uj+9Yk+9cl+9gl+9kn+9on+9oo+9op+9so/Ncl/Ngl/Non/Nso/N0o/N0p/dkk/dok/d4o/eAp/eEp/tsk/twk/t0k/t4l/uAn/uAp/uIq/uMp/uMq/uQq/94l/94m/98l/98m/+Am/+An/+En/+Eo/+Io/+Ip/+Mo/+Mp/+Mq/+Qp/+Qq/+Qr/+Uq/+UrX/9jcQAAACd0Uk5TAAABCQoLHCYnMDY4OjuCg4WHiImKm56fx8jJys3P1Ofp6enq7/DyAdnyKAAAAUZJREFUGNNt0b9Kw1AYhvH3OzlJ2qRpiiVCIxUUdXIRdFd0cfQOvA4HF3UWr0Fw83J0VEQpaLX/myY5Od/n0FGfS/g9RPibhgBwfB00MMuqwgIgDQBelMbRLj9NRp/TEgCRKD9Jjjq+FIvy9fm7XzA5BC/dPuu00tjx0EhsubCk4Mbd03Z6DVq5TcJ4J21qaPido6BNsACaeR50J1mm4cVhXQTCAPmeG0QuFIKWH4sFiwVHNa3jOjRqG2KV3FjgikVEtA8FkvzCMphZeLZ4rARQyF8KWGZhFlsYmMpAYTEuzi8ti3A1Hz4cmlEGh5x64u3fHSjJsp/7k1H+NTBEemVrL6o9AACOx9nH27Aiktra+nboKnA5n5TDt15BGih7ZrQZaqlMVbwP+gYgEsCLVptRk6fjWX9aAkS0RHbDBmZzs0Sm/3b8Apz1nhT0ICJTAAAAAElFTkSuQmCC


Sorry if I'm being dull, but what do I do with this file? Its not zipped, so it's not flashable, right?

Also, is it better than the telstop app? I have that installed, but it seems to update every day (probably at least 4 times since installing it last week). If your fix gets to the heart of the matter, then it should be a better solution?

Thanks

#13
Colossae3.23
Posted 02 October 2012 - 09:05 PM

Colossae3.23

    Addict

  • Members
  • PipPipPipPipPip
  • 572 posts
  • Gender:Male
  • Location:South Wales
  • Devices:Huawei Ascend G300
avast! has just sent an update that now covers the USSD vulnerability. Good app that...

Back to Android News · Next Unread Topic →


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. MoDaCo
  2. Newsroom
  3. Android News