Samsung patches smartphone NFC reset glitch

Owners of two Samsung Galaxy Android 4.0 smartphone models may perhaps need to be additional cautious when going on-line or exchanging data by way of near-field communications (NFC) -or even getting some text messages- lest their phones be wiped of their individual information, a tech web page reported. A report on CNET said a code that could trigger a factory reset on the handsets, where a user's information might be wiped, is making the rounds on the internet. But as of Wednesday night (Manila time), The Verge stated Samsung issued a repair for the reset vulnerability. "While Samsung hasn't specified the particular computer software version (or given any assurances for devices other than its flagship Lstrong>Lenovo A789 ), it encourages all affected users to update their phones to the most current computer software readily available over-the-air. That should really retain you safe from the dangers of inadvertently wiping your GS III, though the fate of the other TouchWiz devices in Samsung's portfolio remains unclear," it said. The CNET report mentioned Ravi Borgaonkar, a researcher within the Security in Communications division at Technical University Berlin, indicated the code may possibly influence the Samsung Galaxy S2 and S3. "It's feasible to exploit this attack only on Samsung devices," CNET quoted him as saying, adding that for now, Samsung appears to become the only cheap android mobile phones maker impacted from the flaw. For now, attacks could be staved off by disabling "service loading" in settings and disabling QR code and NFC apps, CNET quoted Borgaonkar as saying. Borgaonkar stated the flaw involves Samsung's TouchWiz, which interacts with "unstructured supplementary service data (USSD) codes," which execute commands on the handset's keypad. As opposed to most dialers that need the user to press "Send" to complete the code, Samsung's doesn't, Borgaonkar stated. Borgaonkar demonstrated the flaw in the Ekoparty security conference in Argentina last week, CNET stated. His demo indicated the code is usually triggered through a Web link, QR code, NFC connection, or perhaps SMS. The code need to have not ask the owner's permission to wipe the device.

28.9.12 11:49


bisher 0 Kommentar(e)     TrackBack-URL

E-Mail bei weiteren Kommentaren
Informationen speichern (Cookie)

Die Datenschuterklärung und die AGB habe ich gelesen, verstanden und akzeptiere sie. (Pflicht Angabe)

 Smileys einfügen