On Tue, Sep 25, 2012 at 2:32 PM, Luander Ribeiro <[email protected]> wrote:
> It seems that Galaxy S III with the most recent firmware is not affected by
> this vulnerability anymore.
> When accessing a website that contains the code to trigger the vulnerability
> (e.g. killdroid.kenneth.io - thanks to Kenneth Auchenberg - @auchenberg) the
> dialer opens empty, with no code in it.

In the video (which appears to be dead now), there is a setting. Working from memory, it was "Allow <something> Services." The service allows Google, Samsung, and carriers to push control messages to the device. The setting should be Off by default (good security posture), but it is On by default in some configurations. The researchers then get TouchWiz to consume the untrusted input and the service dutifully responds.

Jeff

> On Tuesday, September 25, 2012 at 15:04:23 UTC-3, Jeffrey Walton
> wrote:
>>
>> http://www.ibtimes.co.uk/articles/387852/20120925/samsung-smartphone-hack-remote-wipe-galaxy-touchwiz.htm
>>
>> Samsung smartphones including the Galaxy S3, Galaxy S2, Galaxy Ace,
>> Galaxy Beam and Galaxy S Advance all appear to be affected by the bug
>> which triggers a factory reset on your phone if your web browser is
>> pointed to a particular website.
>>
>> Smartphones can also be directed to the code through NFC or using a QR
>> code. Once the process has been initiated, users have no way of
>> stopping it.
>>
>> If a user taps an NFC tag which has the website pre-loaded onto it,
>> there will be no warning for the user, which is the same if a user
>> scans a QR code with the website URL embedded in it.
>>
>> Only Samsung smartphones running the company's proprietary TouchWiz
>> user interface appear to be affected.
>>
>> According to telecoms engineer Pau Oliva, the Samsung Galaxy Nexus is
>> not affected, as it runs on stock Android and doesn't use the TouchWiz
>> skin on top.
>> ...
