Samsung Phone Flaw Lets Attackers Remotely Reset Device - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Devices
10:12 AM
Connect Directly

Samsung Phone Flaw Lets Attackers Remotely Reset Device

A researcher at a security conference in Berlin has shown how USSD codes can be used in cyber attacks against Samsung phones. The Galaxy S3, for instance, could have its SIM card wiped merely by browsing a malicious website.

A researcher at a security conference in Berlin has shown how Unstructured Supplementary Service Data (USSD) codes could be used in cyber attacks against mobile phones. The Samsung Galaxy S3, for instance, can be reset to factory default merely by browsing a malicious website.

Ravi Borgaonkar, a researcher at the Technical University of Berlin, gave a presentation entitled, Dirty use of USSD Codes in Cellular Network. Below is a video of part of the presentation:

The codes are commands to the phone to perform diagnostic and management features as listed on the xda-developers wiki:

  • testing mode
  • view IMEI number
  • service mode signal status
  • display phone's current firmware
  • battery and other general settings like GSM/CDMA
  • change the "Power" button action in your phone
  • Factory data soft reset
  • Gtalk service monitor
  • Opens a File copy screen where you can back up your media files
  • GPS test
  • service mode main menu
  • Factory Hard Reset to ROM firmware default settings
  • leave Factory

These codes can be invoked, without any user intervention, through a variety of mechanisms. Borgaonkar demonstrated the attack using an SMS message sent to the phone, holding the phone in proximity to an NFC tag, and discussed others such as a QR code.

All these vectors result in pushing the code to the phone, possibly by instructing it to visit a website that contains a "tel:" URL with the code. For example, a Samsung phone, when visiting a Web page containing <frame src="tel:*2767*3855#" />" would reset the phone to factory default. Other codes can wipe the SD and SIM cards.

Borgaonkar says that the attacks only work so far on Samsung devices. Many of the attack vectors can be disabled by the user. It's not clear that these vectors are present with all carriers.

Hat tip to Softpedia.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Chatbots: Pandemic Edition
Jessica Davis, Senior Editor, Enterprise Apps,  9/10/2020
Deloitte on Cloud, the Edge, and Enterprise Expectations
Joao-Pierre S. Ruth, Senior Writer,  9/14/2020
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Flash Poll