According to the researchers, a variation of the recently disclosed attack that has been demonstrated to remotely wipe data from Samsung Android devices can also be exploited to disable SIM cards for good. Ravishankar Borgaonkar, a research assistant in the Telecom Security department at the Technical University of Berlin, demonstrated the vulnerability he had uncovered at the Ekoparty Security Conference in Buenos Aires, Argentina. Such an attack can be launched from a web page by loading a “tel:” uniform resource identifier (URI) with a specific factory reset code in an iframe. When the page is visited from a vulnerable device, the dialer app executes the code on its own and initiates a factory reset.
The who, what and how?
A multitude of devices are vulnerable to such an attack, including the Samsung Galaxy S3, S2, Beam, S Advance and Ace, as they support the special factory reset code. Borgaonkar demonstrated how a device can be forced to open a link to such a page by touching an NFC-enabled phone to a rogue NFC tag, by scanning a QR code, or by including the link in a special service message. An attacker can also include the link in someone’s Twitter feed, SMS or email message and trick them into clicking it manually. The security flaw stems from the stock Android dialer, for which a patch has been issued so that special codes passed through “tel:” URIs are no longer executed.
The cell phone dialer allows users to execute special commands by typing specific codes into its interface, namely codes that start with a * and end with a # sign. These codes are called Unstructured Supplementary Service Data (USSD) codes when they correspond to a mobile carrier’s services, and Man-Machine Interface (MMI) codes when they access phone functions. Not all devices support the same codes, even though some of them are standard: *#06#, for example, is commonly used to display the IMEI (International Mobile Equipment Identity) on Android devices. For this reason, devices from manufacturers other than Samsung could be prone to the same attack; a Google search turned up a factory reset code for the HTC Desire.
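As a defensive illustration of the mechanism described above, the following added example (not from the article, the researcher's talk or the Android patch) scans HTML for “tel:” URIs that carry a dialer code rather than a plain number, and marks the ones a browser would load without a tap. The function names, the `AUTO_LOAD` set and the sample page are assumptions made for this sketch; the only code used is the harmless *#06# IMEI code mentioned above.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# (tag, attribute) pairs a browser loads without any tap from the user
AUTO_LOAD = {("iframe", "src"), ("frame", "src"), ("embed", "src"), ("object", "data")}

def classify_tel_uri(uri):
    """Return 'code' for a tel: URI carrying * or #, 'number' for a plain
    phone number, None for anything that is not a tel: URI."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    dial = unquote(rest)  # '#' is usually written %23 inside a URI
    return "code" if ("*" in dial or "#" in dial) else "number"

class TelCodeScanner(HTMLParser):
    """Collects every attribute whose value is a tel: URI with a dialer code."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and classify_tel_uri(value) == "code":
                how = "auto-load" if (tag, name) in AUTO_LOAD else "needs-click"
                self.findings.append((tag, name, value, how))

def scan_html(html):
    scanner = TelCodeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; *#06# is the harmless IMEI display code
SAMPLE = """
<a href="tel:+15550100">Call us</a>
<a href="tel:*%2306%23">Show IMEI</a>
<iframe src="tel:*%2306%23"></iframe>
<iframe src="https://example.com/"></iframe>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

The same classification applied inside a dialer, refusing to execute anything that is not a plain number when it arrives through a URI, is the behaviour the patch is described as enforcing.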
And then there were none
When the news was released, many users who were already using cloud services to back up their data were rather unconcerned, and rightly so, as they could easily restore their data even if the device were wiped. However, the attack takes a more rapacious shape: Borgaonkar mentioned that the same attack is capable of killing SIM cards, actually blocking them for good. This is possible because an MMI code allows the PIN of a SIM card to be changed using the PUK, or personal unblocking key. All the attacker has to do is generate a code that enters the wrong PUK multiple times to get the SIM card blocked forever. Android and malware have been on quite a seesaw, and users have dreaded Android spyware and other mobile spy apps like their worst nightmares. The discovery of this new vulnerability is just another mark on the tally, and another worry line on Android users’ foreheads.
Natalia David has been a regular contributor as a tech writer and expert for some time now. She has written many articles on cell phone and PC security. Her work on mobile spy software for secretly monitoring cell phones has received great appreciation from readers, who turn to her to keep themselves updated with the latest happenings in the tech world. You can also follow her on Twitter @NataliaDavid4.