Devices using Google's popular Android mobile operating system are at risk of being disabled or completely wiped clean of their data, including contacts, photos, and music.
The security flaw posing the threat was discovered several months ago, but went under the radar until now. Vulnerable devices include handsets made by Samsung, HTC, Motorola, and Sony Ericsson.
According to computer security researcher Ravi Borgaonkar, opening a link to a Web site or a mobile application spiked with malicious code can trigger an attack capable of wiping the memory card in Android-based handsets, rendering the devices useless. Meanwhile, a separate piece of code capable of performing a factory reset and erasing a user's data seems to target only Samsung phones, including the flagship Galaxy S3.
Borgaonkar said he informed Google of the vulnerability back in June. A fix rolled out quickly and quietly, leaving smartphone owners basically unaware that a problem existed or how they could fix it.
Launched in 2008, the Android OS currently dominates the smartphone market. According to market research firm IDC, nearly 198 million Android smartphones were sold in the first six months of the year, and roughly 243 million Android phones were sold in 2011.
Vulnerable versions of Android include Gingerbread, Ice Cream Sandwich, and the latest Jelly Bean, while the Honeycomb version designed for tablets still needs to be tested, noted Borgaonkar.
Samsung, the biggest Android phone maker, said only early production models of its flagship Galaxy S3 were affected, and a software update has already been issued for that model. The company added that it is currently conducting an internal review to check if other devices are affected and determine what action is needed, if any. Meanwhile, Samsung is advising users to check for software updates through the "Settings: About device: Software update" menu.
Borgaonkar explained that the bug exploits a phone function that allows a number to be dialed directly from a Web browser. A person can create a Web site or an app containing codes that instruct phones following those links to automatically execute commands such as a full factory reset.
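The check below is an added example, not code from the researcher, Google, or Samsung. It shows one way a browser or dialer handler could screen a dial-from-browser link before passing it on. The function names, the "confirm" policy, and the sample markup are assumptions made for illustration.

```javascript
// Added example. Policy assumed here: plain subscriber numbers may be dialed;
// anything containing '*' or '#' is held for explicit user confirmation.
function classifyTelUri(uri) {
  const m = /^tel:(.*)$/i.exec(String(uri).trim());
  if (!m) return { verdict: "not-tel", number: null };

  // Drop URI parameters, then percent-decode once so an encoded '#' (%23)
  // or '*' (%2A) cannot slip past the character check below.
  let decoded;
  try {
    decoded = decodeURIComponent(m[1].split(";")[0]);
  } catch (err) {
    return { verdict: "block", number: null, reason: "malformed percent-encoding" };
  }

  // Remove visual separators that are legal in a written phone number.
  const number = decoded.replace(/[\s\-.()]/g, "");

  if (/[*#]/.test(number)) {
    return { verdict: "confirm", number, reason: "service-code characters" };
  }
  // Double-encoded input (e.g. %2523) still contains '%' here and is rejected.
  if (!/^\+?\d+$/.test(number)) {
    return { verdict: "block", number: null, reason: "unexpected characters" };
  }
  return { verdict: "dial", number };
}

// Collect every quoted tel: attribute value in a page that is not a plain number.
function auditPage(html) {
  const flagged = [];
  const re = /=\s*(["'])(tel:.*?)\1/gi;
  let hit;
  while ((hit = re.exec(html)) !== null) {
    const result = classifyTelUri(hit[2]);
    if (result.verdict !== "dial") flagged.push({ uri: hit[2], ...result });
  }
  return flagged;
}

// Constructed sample markup; the numbers and codes are placeholders.
const SAMPLE_HTML = `
  <a href="tel:+1 (555) 010-0199">Call support</a>
  <a href="tel:*123%23">Looks like a link</a>
  <a href='tel:%2A123%23'>Fully encoded</a>`;

console.log(auditPage(SAMPLE_HTML));
```

Decoding before the character check is the important step: a filter that inspects only the raw link text misses a percent-encoded hash or star.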
A phone's memory card, i.e. a subscriber identity module, or SIM, can be destroyed remotely in the same manner, added Borgaonkar.
"Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click," he noted. "After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card."