Pages

Tuesday 25 September 2012

Exploit Wiping Samsung Galaxy Phones

Just a quicky this time around. In an earlier post, I ran a comparison for the best browser for ICS in which Chrome came out on top. In light of an article published today on UK newspaper The Telegraph's website, I would like to re-affirm Chrome as my browser of choice now for the most important reason of all.

The article details how a small code consisting of just 11 characters can be embedded onto any website, prompting an unsuspecting Samsung Galaxy SIII to be wiped. This includes restoring the phone to factory settings whilst also deleting contacts, photographs, music, apps and "other vulnerable data". It is not clear whether this only effects local resources or if cloud storage (such as google contact sync) is affected, however at this point in time, MB assumes it is only the former.

Whilst this concern is isolated to Samsung phones, it would be worying to hear an exploit like this circulating the web targetting Xperia phones.

The recommended solution to this problem is to use Google's Chrome browser rather than the stock browser, as Chrome will prevent the scripts from running. As the scripts require no user intervention and performs the wipe in a matter of three seconds, a block such as this is the only way to to be certain not to come across this through a website without deciding to stop browsing the web completely.

The internet is not the the only way to exploit this as text messages, QR Codes and NFC tags can also make use of this script. This is of great concern, however at this point we would recommend that whilst Xperia phones are not affected, using Chrome may prevent you from finding out when such a script does begin to affect Xperia devices. Also if you are using a Samsung device, then we extend this advice to you, aswell.

Source: http://www.telegraph.co.uk/technology/samsung/9565395/Hidden-web-code-means-hackers-can-wipe-Samsung-Galaxy-S3.html