Smartphones HTC, Motorola and Sony are also vulnerable to data deletion. Site to check the problem
As it turned out, an unexpected vulnerability to deleting data when visiting a page with a specially formed link, which Samsung managed to quickly fix literally every other day, also affects HTC One X, HTC Desire, Motorola Defy, Sony Xperia Active and Sony Xperia Arc S.
The main cause of the vulnerability was not recognized by TouchWiz, which Samsung installs on its smartphones, but by handling phone links on some Android devices, in which the USSD code embedded in the body of a regular hyperlink is executed immediately without user confirmation - the computer security expert says Dylan Reeve . At the same time, this problem has been known for a relatively long time and fixed by Google, however, the manufacturers of smartphones themselves, in all likelihood, are not in a hurry to use the patch, thus risking the security of user data.
Until manufacturers release the corresponding patch, Reeve suggests that users install some alternative "dialer", using which Android will let you choose through which program to make a call if a malicious link is suddenly caught.
In order to determine whether your smarfton vulnerabilities with USSD-code, there is already a special site http://dylanreeve.com/phone.php (short link - http://bit.ly/QC03LM ). If, when you visit it, Android immediately offers to call and displays an IMEI device, then this device is vulnerable to a remote USSD attack.
')
UPD : QR-code on the site with a test for vulnerability (thanks nickel3000 ).
[ Source ]
The main cause of the vulnerability was not recognized by TouchWiz, which Samsung installs on its smartphones, but by handling phone links on some Android devices, in which the USSD code embedded in the body of a regular hyperlink is executed immediately without user confirmation - the computer security expert says Dylan Reeve . At the same time, this problem has been known for a relatively long time and fixed by Google, however, the manufacturers of smartphones themselves, in all likelihood, are not in a hurry to use the patch, thus risking the security of user data.
Until manufacturers release the corresponding patch, Reeve suggests that users install some alternative "dialer", using which Android will let you choose through which program to make a call if a malicious link is suddenly caught.
In order to determine whether your smarfton vulnerabilities with USSD-code, there is already a special site http://dylanreeve.com/phone.php (short link - http://bit.ly/QC03LM ). If, when you visit it, Android immediately offers to call and displays an IMEI device, then this device is vulnerable to a remote USSD attack.
')
UPD : QR-code on the site with a test for vulnerability (thanks nickel3000 ).
[ Source ]
Source: https://habr.com/ru/post/152461/
All Articles