At a recent Security Conference in Buenos Aires, Telecommunications researcher Ravi Borgaonkar demonstrated a very simple yet unprecedented vulnerability in some Samsung mobile phones, which, when implemented would result in a complete factory reset of the phone – and loss of all data. EFTM has conducted our own tests and we have the video to prove it.
The vulnerability uses a Telco carrier connection code (USSD) to perform the factory reset, and while it’s something that almost any Android phone could be subject to, normally it would require the user to perform an action, such as clicking a button.
But because of the added layer of software Samsung has built into some of its phones, this USSD code can be “dialled” automatically by the phone, and in the process, the phone is reset.
Here’s how it works.
The attacker, places a very simple line of code into a web page. If you had the address of the page and visited it, your phone would reset. But why would you go to such a page?
Well, imagine you got a direct message on Twitter, or a Facebook message from a friend saying “Wow, this is such an awesome video, check it out http://etcetcetc.etc”. You think “Okay, right, that sounds good” and you click. Hey presto, you’ve visted the site and your phone is turning itself off and wiping all your data.
You didn’t realise your friend’s Twitter or Facebook account was compromised, and it wasn’t really your friend sending that message. We’ve all seen these types of attacks before.
This code could be built into an existing page, so you might be visiting a legitimate looking site only to have the same thing happen.
As Ravi explained in his presentation, this could also occur via tap and go transmission of a web address (NFC) or by QR code as I’ve demonstrated below.