It’s hard to believe that it’s 2017, and we’re still talking about Android phones being compromised by boobytrapped SMS text messages.
Vulnerability researchers at Context IS disclosed last week that they uncovered flaws in Samsung’s Galaxy S4, S4 Mini, S5 and Note 4 Android smartphones that could be exploited by remote attackers to endlessly reboot targeted devices.
The security holes, which thankfully Samsung has now issued fixes for, are exploited via WAP configuration messages – pushed to targeted devices with minimum (or no) user interaction.
Understandably, there’s a significant problem if such malicious messages are blindly accepted without proper checking regarding their origin or content.
In a video of a laboratory test, Context IS’s research team showed how an Android phone could be attacked.
More modern Samsung Galaxy S6 and S7 devices are also vulnerable to the bugs, but only if the intended victim had been tricked into installing a malicious app onto their smartphones in advance.
Although the most recent versions of the Samsung Galaxy were clearly not as at much risk, the researchers observed that vulnerable earlier editions of the phone are surprisingly popular around the world.
A constantly rebooting Android phone would be bad enough, but perhaps most worryingly the researchers paint a picture of how the vulnerability could be exploited to make money rather than simply disrupt activities.
According to Context IS, it would not be that hard to turn the attack into a potential ransomware scenario, with attackers demanding that a Bitcoin payment be made before a fix is sent (again, via a maliciously-crafted SMS message):
Given the reversible nature of this attack (a second SMS could be sent that restored the device to its unbroken state) it does not require much imagination to construct a potential ransomware scenario for these bugs.
The message is clear. If you have a Samsung Android phone, make sure that you are keeping up-to-date with your security patches.
That, of course, is good advice for users of any smartphone user – and is particularly pertinent when it comes to these particular vulnerabilities.
That’s because the vulnerability researchers are concerned that similar attacks might also be possible on Android phones made by other manufacturers, and not just Samsung:
It is left as an exercise for the reader to investigate how this technology is handled by other vendors!
In the past, iPhone users have also been advised to update their devices following threats posed by Class 0 SMS messages (also sometimes called Flash SMS messages).
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024