2 min read

How a single SMS can break your Samsung Galaxy Android phone

Graham CLULEY

January 30, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
How a single SMS can break your Samsung Galaxy Android phone

It’s hard to believe that it’s 2017, and we’re still talking about Android phones being compromised by boobytrapped SMS text messages.

Vulnerability researchers at Context IS disclosed last week that they uncovered flaws in Samsung’s Galaxy S4, S4 Mini, S5 and Note 4 Android smartphones that could be exploited by remote attackers to endlessly reboot targeted devices.

The security holes, which thankfully Samsung has now issued fixes for, are exploited via WAP configuration messages – pushed to targeted devices with minimum (or no) user interaction.

Understandably, there’s a significant problem if such malicious messages are blindly accepted without proper checking regarding their origin or content.

In a video of a laboratory test, Context IS’s research team showed how an Android phone could be attacked.

More modern Samsung Galaxy S6 and S7 devices are also vulnerable to the bugs, but only if the intended victim had been tricked into installing a malicious app onto their smartphones in advance.

Although the most recent versions of the Samsung Galaxy were clearly not as at much risk, the researchers observed that vulnerable earlier editions of the phone are surprisingly popular around the world.

smartphone-popularity

A constantly rebooting Android phone would be bad enough, but perhaps most worryingly the researchers paint a picture of how the vulnerability could be exploited to make money rather than simply disrupt activities.

According to Context IS, it would not be that hard to turn the attack into a potential ransomware scenario, with attackers demanding that a Bitcoin payment be made before a fix is sent (again, via a maliciously-crafted SMS message):

Given the reversible nature of this attack (a second SMS could be sent that restored the device to its unbroken state) it does not require much imagination to construct a potential ransomware scenario for these bugs.

The message is clear. If you have a Samsung Android phone, make sure that you are keeping up-to-date with your security patches.

That, of course, is good advice for users of any smartphone user – and is particularly pertinent when it comes to these particular vulnerabilities.

That’s because the vulnerability researchers are concerned that similar attacks might also be possible on Android phones made by other manufacturers, and not just Samsung:

It is left as an exercise for the reader to investigate how this technology is handled by other vendors!

In the past, iPhone users have also been advised to update their devices following threats posed by Class 0 SMS messages (also sometimes called Flash SMS messages).

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read