Samsung Phone Flaw Lets Attackers Remotely Reset Device

A researcher at a security conference in Berlin has shown how USSD codes can be used in cyber attacks against Samsung phones. The Galaxy S3, for instance, could have its SIM card wiped merely by browsing a malicious website.

Larry Seltzer, Contributor

September 25, 2012

2 Min Read

A researcher at a security conference in Berlin has shown how Unstructured Supplementary Service Data (USSD) codes could be used in cyber attacks against mobile phones. The Samsung Galaxy S3, for instance, can be reset to factory default merely by browsing a malicious website.

Ravi Borgaonkar, a researcher at the Technical University of Berlin, gave a presentation entitled, Dirty use of USSD Codes in Cellular Network. Below is a video of part of the presentation:

The codes are commands to the phone to perform diagnostic and management features as listed on the xda-developers wiki:

  • testing mode

  • view IMEI number

  • service mode signal status

  • display phone's current firmware

  • battery and other general settings like GSM/CDMA

  • change the "Power" button action in your phone

  • Factory data soft reset

  • Gtalk service monitor

  • Opens a File copy screen where you can back up your media files

  • GPS test

  • service mode main menu

  • Factory Hard Reset to ROM firmware default settings

  • leave Factory

These codes can be invoked, without any user intervention, through a variety of mechanisms. Borgaonkar demonstrated the attack using an SMS message sent to the phone, holding the phone in proximity to an NFC tag, and discussed others such as a QR code.

All these vectors result in pushing the code to the phone, possibly by instructing it to visit a website that contains a "tel:" URL with the code. For example, a Samsung phone, when visiting a Web page containing <frame src="tel:*2767*3855#" />" would reset the phone to factory default. Other codes can wipe the SD and SIM cards.

Borgaonkar says that the attacks only work so far on Samsung devices. Many of the attack vectors can be disabled by the user. It's not clear that these vectors are present with all carriers.

Hat tip to Softpedia.

Read more about:

20122012

About the Author(s)

Larry Seltzer

Larry Seltzer

Contributor

Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+:

See more from Larry Seltzer
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

cybercrime abstract with two locks
Cyber Resilience
10 Cyber Incident Response Tips From Those Who've Had a Breach and Lived to Tell About It10 Cyber Incident Response Tips
bySara Peters
May 8, 2024
6 Min Read
DNA (deoxyribonucleic acid) strand, illustration.
Data Management
DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?
byRichard Pallardy
May 7, 2024
15 Min Read
Paul Nakasone, former director of the National Security Agency, and a former commander of US Cyber Command, speaks at the RSA Conference 2024.
Cyber Resilience
Four Horsemen of Cyber Reunite at the RSA ConferenceFour Horsemen of Cyber Reunite at the RSA Conference
byJoao-Pierre S. Ruth
May 9, 2024
6 Min Read
Technologist and author Bruce Schneier addresses the crowd at RSA Conference 2024 about the future impacts of AI on democracy.
Machine Learning & AI
Bruce Schneier: 5 Ways AI Could Shake Up DemocracyBruce Schneier: 5 Ways AI Could Shake Up Democracy
byShane Snider
May 8, 2024
6 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now