Remote Wipe Hack: Samsung, HTC Android Phones Scared Stiff!
Gazillions of Android devices that include Samsung Galaxy S2 and S3, HTC Desire and One X, et al are under the wiping gun as you read this. All that needs to be done is that the user has to visit a malicious webpage that encrypts a code that is earmarked for particular weblinks, and the gateway for cell phone spy software and Android spy software would be opened.
Dial M for Malware
The flaw is conjured up owing to a security howler that is present in a few Android dialer software versions. The security hole allows “tel:” which is a URL prefix, to work on the dialing software of an Android phone. While normally it comes in handy, tel: can also be used to penetrate data, which is non-numeric, through the dialer. And then there are other characters that can do damage of different sorts as well – like for instance, #06# displays the IMEI number of the device.
Basically what the flaw exploits is a string, which activates a reset of devices. And this is done because they do not force the interaction of users in the lead up to actually performing the function that is encrypted in the string. The thing is, the code would first of all have to be encrypted in the shape of a link so that the user can activate it. And herein lies the rub, since any average Joe cell phone spy software expert can misrepresent a malicious link as an innocent link, and as the user clicks it the wipe would be initiated.
The users that have vulnerable handsets can also install third-party dialers and earmark it as the default protection to counter the “remote wipe” attack. However, not all Android devices can be remote wiped, even though the number of models which can be attacked by the vulnerability are increasing ever since it became public knowledge.
Who’s In, Who’s Out
Samsung Galaxy phones, the ones that have Android 4.1 are safe from the remote wipe hack attack. However, that still connotes that millions of S2 and quite a few S3 devices that do not have revised firmware are still under the cosh. As things stand there are over 480 million Android devices that are being used, and unfortunately most of them are vulnerable to this wipe attack.
The vulnerability in question was sorted out in Android’s core code in the earlier part of this year, however, the code was not delivered to all the handsets that are currently in use. Also since the Big Two – Samsung and HTC devices – have had the flaw as well, it means that a gargantuan number of handsets currently in use have the outdated code.
Patch-Up in the Pipeline
Samsung has already patched up the problem for Galaxy S3, but it how long it takes to get operator’s approval and roll out. Samsung is also working on patch-up work for Galaxy S2, but when exactly it would be available still hasn’t been announced.
Initially it was believed that only Samsung devices were vulnerable. However, quite a few HTC phones, most notably HTC One X and Motorola Defy, have also fallen prey to malware courtesy of HTC Sense 4.0 and Android 4.0.3 respectively.
With malware being present left, right and center all smart phone users must back up their phone regularly. Even if they trust the cloud, synchronize it to their devices, or even if they are copying files over to the removable storage, they shouldn’t take the data integrity – especially in the long run – of their smart phones for granted.
Author Bio: James Clark has been in the business of cellphone spy apps for a while now. His work on cellspyexpert is unparalleled and has brought together a large group of readers. Cellspyexpert is spy software for Android, and for the latest and greats tips and tricks readers flock towards James.