For the tech-savvy crowd, one advantage of Android is the ability to tinker and tamper with software through an open platform. While this may be a positive feature in some instances, it also leaves ample opportunities for hackers to obtain personal information or crash a user’s device.
Unfortunately, owners of Samsung’s Galaxy S3, as well as other select Samsung devices, need to be on alert for a new, potentially dangerous hack, which SlashGear reports was recently discovered. Security researchers have learned that a single line of code can cause a device running Samsung’s TouchWiz technology to factory-reset itself, opening the door for malicious websites to completely wipe out users’ phones. For those who aren't familiar, TouchWiz is a touch-screen interface developed by Samsung which is integrated into many of its smartphones, including the Galaxy S3 and its predecessors.
During September’s ekoparty Security Conference, an annual event held in Buenos Aires featuring security specialists from all over Latin America, security researcher Ravi Borgaonkar divulged details on the source of the hack. A session-based Global System for Mobile (GSM) protocol known as Unstructured Supplementary Service Data (USSD) can carry the malicious code. USSD is a type of communication technology similar to Short Messaging Service (SMS) used in cellular devices. It sends messages between a mobile phone and an application server in the network, but differs from SMS in that transactions only occur during sessions.
This USSD code could be sent from a website, transferred to the handset via Near-Field Communication (NFC), or triggered by scanning a QR code. When the wipe-out process begins, the user is able to see the procedure but cannot stop it. Those who use QR codes to direct their smartphones to a website automatically would have no warning. Once the website encoded in the QR code begins loading, it's already too late. The case is the same with NFC: those who use NFC tags would have no notice before their handset becomes infected with the malware.
Samsung devices running TouchWiz appear to be the only ones affected by this hack; basic Android smartphones display the code in the dialer screen but do not run it automatically. The default for Samsung, however, is to dial the code automatically.
According to SlashGear, Borgaonkar said that it's possible for hackers to double up on the attack by including a second USSD code that could kill the smartphone’s SIM card. This means that a single message could be used to wipe the Samsung phone and break the device’s SIM simultaneously.
In addition to the Galaxy S3, the same code is compatible with the Galaxy Beam, S Advance, Galaxy Ace and Galaxy S2. The Samsung Galaxy Nexus is not affected by this malware because it comes with the stock version of Android.
It was initially reported that this was a virus exclusive to the Galaxy S3, but the story was later updated to include the above devices.
Other Samsung owners have reported that the hack does not work on their smartphones, and SlashGear is currently running tests on its own devices from the Korea-based manufacturer. Users are advised to deactivate the automatic site-loading feature in their QR and NFC reading software, and be cautious when clicking unrecognized links.
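The two defensive points above (stock Android shows a dial code in the dialer without running it, and QR/NFC readers should not load sites automatically) can be written as a reader-side policy. This is an added example, not code from the original article or from any vendor. It assumes dial requests reach the reader as `tel:` URIs or bare dial strings; `classify_payload`, the action names and the sample payloads are hypothetical, and `*#06#` (the standard show-IMEI code) is used as a harmless stand-in.

```python
import re
from urllib.parse import unquote

# Assumption: a scanned QR code or NFC tag yields one text payload, and dial
# requests arrive either as "tel:" URIs or as bare dial strings.
DIAL_CHARS = re.compile(r"^[0-9+*#(),;.\- ]+$")


def is_service_code(dial_string: str) -> bool:
    """True for USSD/MMI-style codes, which contain '*' or '#'."""
    return "*" in dial_string or "#" in dial_string


def classify_payload(payload: str) -> str:
    """Return the action a QR/NFC reader should take; nothing is automatic."""
    text = payload.strip()
    scheme, sep, rest = text.partition(":")
    scheme = scheme.lower() if sep else ""

    if scheme == "tel":
        number = unquote(rest)  # '#' is commonly sent percent-encoded as %23
        # Service codes are only displayed, never dialed on the user's behalf.
        return "show_in_dialer" if is_service_code(number) else "confirm_dial"

    if scheme in ("http", "https"):
        # The reader cannot know what the page will do once loaded, so the
        # user must approve the URL first (no automatic site loading).
        return "confirm_open"

    if DIAL_CHARS.match(text) and any(c.isdigit() for c in text):
        return "show_in_dialer" if is_service_code(text) else "confirm_dial"

    return "display_text"


# Constructed sample payloads, not taken from the article.
SAMPLES = [
    "tel:*%2306%23",               # percent-encoded service code
    "TEL:+15550100",               # ordinary phone number
    "https://example.com/promo",   # website link
    "*#06#",                       # bare service code
    "Meeting room 4, 3pm",         # plain text
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} -> {classify_payload(sample)}")
```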
Android appears to be a growing target for virus writers and hackers, as statistics show that malicious programs targeting Google’s mobile operating system skyrocketed during Q2 of 2012. Data from Kaspersky Lab shows that the number of malware modifications targeting Android grew from 936 in the third quarter of 2011 to 14,923 in the second quarter of 2012.
Additionally, a 2012 report from Support.com indicated a 472 percent increase in Android malware samples since July 2011.
Below is a video demo of the USSD hack on a Galaxy S2, courtesy of Tweakers’ Arnoud Wokke.