Android Has Fatal Flaw: Risk Of Wipeout Attack

Android Has Fatal Flaw: Risk Of Wipeout Attack

There is a fatal flaw inside cellphones that use Google‘s Android operating system.

According to the Huffington Post, these cellphones are at risk of being disabled or wiped clean of their data. This means losing all contacts, music and photos, because of a security flaw that was discovered several months ago but went unnoticed until now.

“Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola and Sony Ericsson, rendering the devices useless,” computer security researcher Ravi Borgaonkar wrote in a blog post Friday.

“Another code that can erase a user’s data by performing a factory reset of the device appears to target only the newly released and top selling Galaxy S III and other Samsung phones,” he wrote.

Borgaonkar informed Google of the flaw back in June, and a way to fix the issue was quickly issued. However, the problem and how to fix it was not publicized. This left Android users completely unaware that there was even a problem… let alone how to fix it.

According to Borgaonkar, the versions of Android that are vulnerable to the attacks are Gingerbread, Jelly Bean, and Ice Cream Sandwich. He is still unsure if Honeycomb, the Android version made for tablets, is vulnerable to the attacks or not. It will need to be tested further to determine if it’s at risk.

Borgaonkar explained that the bug works by taking advantage of functions in phones that allow them to dial a telephone number directly from a web browser. This is a convenient feature, however, it comes with risk. A hacker can create a website or an app with certain codes that instruct the phones linking to those numbers to execute commands automatically, such as a full factory reset.

The phone’s SIM card can be also be destroyed remotely in the same way, Borgaonkar said.

“Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click,” he wrote. “After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card.”

For those of you with Android smartphones, check for updates and update your phones to make sure that you have the right software on your phone that will help protect you from these types of threats.

Comments