Android Flaw Puts Phones At Risk Of Being Completely Wiped

By Alexandra Burlacu | Sep 30, 2012 11:05 AM EDT

Share This Story

  • Print
  • Email

Devices using Google's popular Android mobile operating system are at risk of being disabled or completely wiped clean of their data, including contacts, photos, and music.

The security flaw posing the threat was discovered several months ago, but went under the radar until now. Vulnerable devices include handsets made by Samsung, HTC, Motorola, and Sony Ericsson.

Follow us

According to computer security researcher Ravi Borgaonkar, opening a link to a Web site or a mobile application spiked with malicious code can trigger an attack capable of wiping the memory card in Android-based handsets, rendering the devices useless. Meanwhile, another code capable of performing a factory reset and erasing a user's data seems to target only Samsung phones, including the flagship Galaxy S3.

Borgaonkar said he informed Google of the vulnerability back in June. A fix rolled out quickly and quietly, leaving smartphone owners basically unaware that a problem existed or how they could fix it.

Launched in 2008, the Android OS currently dominates the smartphone market. According to market research firm IDC, nearly 198 million Android smartphones were sold in the first six months of the year, and roughly 243 million Android phones were sold in 2011.

Vulnerable versions of Android include Gingerbread, Ice Cream Sandwich, and the latest Jelly Bean, while the Honeycomb version designed for tablets still needs to be tested, noted Borgaonkar.

Samsung, the biggest Android phone maker, said only early production models of its flagship galaxy S3 were affected, and a software update has already been issued for that model. The company added that it is currently conducting an internal review to check if other devices are affected and determine what action is needed, if any. Meanwhile, Samsung is advising users to check for software updates through the "Settings: About device: Software update" menu.

Borgaonkar explained that the bug works by exploiting phone functions that allow them to dial a phone number directly from a Web browser. A person can create a Web site or an app with codes, instructing the phones linking to those numbers to automatically execute commands such as a full factory reset.

A phone's memory card, i.e. a subscriber identity module, or SIM, can be destroyed remotely in the same manner, added Borgaonkar.

"Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click," he noted. "After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card." 

 

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Ericsson Announces World-Leading Launches Ahead of Mobile World Congress 2014

Join Our Conversation

Smartphones
LG G3 leaked UI screenshotsLG G3 UI screenshots leak, confirm QHD resolution of 2560 x 1440 pixels
Apple releases latest iOS 7.1.1 update - Here’s what it brings
HTC One M8 Mini reportedly headed to Verizon – Will it be another exclusive?
LG G Watch officially detailed, coming in Champagne Gold and Stealth Black color options
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Chrome Remote Desktop app for AndroidChrome Remote Desktop for Android now available for free from Google Play
Adobe Lightroom mobile hits the iPad, coming soon to iPhones
Apple updates Mac iWork for iCloud suite – What’s new in Pages, Numbers and Keynote?
Microsoft launches Office for iPad, makes Office Mobile free on Android and iPhones
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps