Researchers from Context Security have identified a vulnerability in Samsung Galaxy phones: by embedding commands in the obsolete, 17-year-old WAP proptocol in an SMS message, attackers can put them into endless reboot loops, or encrypt their storage and charge the phone's owners for a decryption key.
The devices known to be vulnerable to this attack are the Samsung Galaxy S4, S4 Mini, S5 and Note 4.
Samsung released a security update for this attack in November 2016.
WAP just happened to my Samsung Galaxy?
The complexity of exploiting an Android device in recent years has escalated to the point that more often than not a chain of bugs is required to achieve the desired effect. This case is no different and we have shown here that it took two bugs to produce a viable attack vector, combined with some in-depth knowledge of the bespoke message format.
If you have a rooted device, a fix for this is to simply use adb as the phone is coming up and delete the default_ap.conf file. If your device is not rooted, the only two solutions are to factory reset the phone (losing all your data) or hope that the attacker is kind enough to send you another OMA CP message containing a valid configuration.
Given the reversible nature of this attack (a second SMS could be sent that restored the device to its unbroken state) it does not require much imagination to construct a potential ransomware scenario for these bugs. Samsung have now released a security update that addresses these amongst other vulnerabilities and as is our usual advice, it is recommended that users prioritise the installation of these updates.
SMS-Exploitable Bug in Samsung Galaxy Phones Can Be Used for Ransomware Attacks
[Catalin Cimpanu/Bleeping Computer]
danah boyd's SXSW Edu keynote, What Hath We Wrought? builds on her essay from 2017 about the relationship of media literacy education to the rise of conspiracy theories and the great epistemological rift in which significant numbers of people believe things that are clearly untrue, from climate denial to flat-earthing.
Richard J. Ridel's all-wooden, mechanical Turing machine uses the smallest set of data elements capable of computing any calculation: 0, 1 and blank; it was inspired by Ridel's viewing of The Imitation Game.
In Packets, Please, you are the boss of CosmoCast, a corrupt, post-Net Neutrality ISP; your job is to "boost, throttle or disconnect" people based on their activities -- you can boost Trump's tweets, disconnect political dissidents, and throttle rival video-on-demand services, working at breakneck speed to keep the packets flowing in the way that optimizes […]
Creative designers play a pivotal role in engaging target audiences and customers, and while companies are eager to bring more of these professionals on board, you’ll have a hard time getting your foot in the door if you’re not using the industry’s best tools. From Adobe to Maya, the eduCBA Design & Multimedia Lifetime Subscription Bundle […]
As more companies aim to reel in costs and boost productivity, project managers are becoming an essential part of many operations, and they’re paid handsomely for their expertise. But, while demand is high, you’ll have a hard time getting your foot in the door if you’re not toting the right certifications. The Official Lean Six Sigma […]
Learning how to play the guitar is no easy feat, and plenty of aspiring rock stars wash out due to either lost interest or simply lousy teaching. The Jamstik+ aims to remedy both of these issues with a 21st-century approach. This smart guitar teaches you about chords, scales, and the like via an app on […]