Android Flaw Puts Phones At Risk Of Being Completely Wiped

By Alexandra Burlacu | Sep 30, 2012 11:05 AM EDT

Share This Story

  • Print
  • Email

Devices using Google's popular Android mobile operating system are at risk of being disabled or completely wiped clean of their data, including contacts, photos, and music.

The security flaw posing the threat was discovered several months ago, but went under the radar until now. Vulnerable devices include handsets made by Samsung, HTC, Motorola, and Sony Ericsson.

Follow us

According to computer security researcher Ravi Borgaonkar, opening a link to a Web site or a mobile application spiked with malicious code can trigger an attack capable of wiping the memory card in Android-based handsets, rendering the devices useless. Meanwhile, another code capable of performing a factory reset and erasing a user's data seems to target only Samsung phones, including the flagship Galaxy S3.

Borgaonkar said he informed Google of the vulnerability back in June. A fix rolled out quickly and quietly, leaving smartphone owners basically unaware that a problem existed or how they could fix it.

Launched in 2008, the Android OS currently dominates the smartphone market. According to market research firm IDC, nearly 198 million Android smartphones were sold in the first six months of the year, and roughly 243 million Android phones were sold in 2011.

Vulnerable versions of Android include Gingerbread, Ice Cream Sandwich, and the latest Jelly Bean, while the Honeycomb version designed for tablets still needs to be tested, noted Borgaonkar.

Samsung, the biggest Android phone maker, said only early production models of its flagship galaxy S3 were affected, and a software update has already been issued for that model. The company added that it is currently conducting an internal review to check if other devices are affected and determine what action is needed, if any. Meanwhile, Samsung is advising users to check for software updates through the "Settings: About device: Software update" menu.

Borgaonkar explained that the bug works by exploiting phone functions that allow them to dial a phone number directly from a Web browser. A person can create a Web site or an app with codes, instructing the phones linking to those numbers to automatically execute commands such as a full factory reset.

A phone's memory card, i.e. a subscriber identity module, or SIM, can be destroyed remotely in the same manner, added Borgaonkar.

"Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click," he noted. "After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card." 


Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

Join Our Conversation

The HTC logo is seen with different devices from the brand HTC M10 Perfume Launching A Month Later After MWC 2016
Lava Unleashes New P7 Device Into The Indian Market
New Disney Phone Coming To Japan
Xiaomi Locks Redmi Note 3, Mi 4c And Mi Note Pro; Others To Follow Suit?
Tablet / Laptop / PC
Dell Venue 7 and Venue 8 Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Amazon Logo Amazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC Logo HTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google Downtime Google blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
ZTE's new lease program ZTE’s new Lease-to-own Program for Mobile Devices
LG’s G Pay to Take on Google, Samsung and Apple
Facebook: Taxes in the UK and a new Shopping tab
Samsung’s VR Headset to be Released at $99, Hulu Jumps Onboard with Apps Ready

Most Popular

© 2016 IBT Media Inc. All Rights Reserved.mobilenapps