App protects Samsung smartphones opposite remote wiping
As publicised yesterday (Tuesday), some Android-based Samsung smartphones can be wiped remotely but a owner’s agree around specifically crafted web pages or SMS content messages. A new app has now been combined to a Google Play Store that aims to strengthen users opposite this problem: NoTelURL is a giveaway apparatus developed by Jörg Voss
that ensures that USSD control codes can no longer be executed but any user interaction. The APK designation record can also be downloaded directly from a developer’s possess site
.
The app tells a complement that it is obliged for doing URLs that start with TEL:, a designator for links to write numbers. Usually, usually a default write dialler app accepts links of this type. With dual programs charity to hoop this couple type, users who click on such links are given a choice. If they name NoTelURL, a app will prevent a process.
If this dialog opens by itself, an assailant could be perplexing to bureau reset a phone, causing information loss. In tests by The H‘s associates during heise Security, a apparatus reliably prevented control codes from being injected around antagonistic web pages and QR codes. However, a preference dialog also appears when TEL: links are used legitimately, for instance after clicking on a “call” couple on a Google hunt formula page. Those who frequently use such links will shortly wish for an central Samsung patch.
Meanwhile, Samsung has told International Business Times that, in a Galaxy S III, a emanate has already been bound with an update. When heise Security tested this on Monday afternoon, they were indeed incompetent to feat a hole. However, they were successful with a Samsung Galaxy S2 using Android 2.3.6. Online reports prove that many other models such as a Galaxy Ace, a Beam and a S Advance are also affected. Samsung was incompetent to contend either or when these inclination will be updated.
Apparently, a USSD formula execution emanate also affects smartphones from other manufacturers such as HTC, Motorola and Huawei, nonetheless there is no famous formula that will means users’ information to be wiped but user accede on these phones. However, enemy could potentially feat a codes to trigger other control facilities such as call forwarding.
Users can find out either their smartphones are influenced around a USSD check underline on a browser check page. Navigate to a page on your smartphone. If a presentation containing your phone’s IMEI (serial) series is displayed, your device is potentially vulnerable.
See also:
- USSD Check in The H’s Browsercheck (or use a brief URL http://h-online.com/ussd)
(crve)