View Single Post
Old September 26th, 2012, 10:08 AM   #3 (permalink)
novox77
Leeeroy Jennnkinnns!
 
novox77's Avatar
 
Join Date: Jul 2010
Posts: 3,968
 
Device(s): Evo 4G, 3D, LTE
Carrier: Not Provided

Thanks: 1,190
Thanked 3,268 Times in 1,410 Posts
Default

Not sure how well known it is at this point, but this hack affects more than just Sammy phones. Moto on Verizon is vulnerable, as is HTC on AT&T.

At issue here is if the phone AND carrier support a special code that is input by the Dialer app.

For example, on most (if not all) phones, you can enter ##3282# into the dialer, and it will take you to the phone's EPST menu. Some codes are standard; others are specific to the phone and/or carrier. In this case, the code to wipe your phone is launched from a browser with code like this:

<frameset><frame src="tel:[wipecode]" /></frameset>

This works a lot like mailto:"myusername@email.com". When a device sees mailto: it will open the default email client. When a phone sees "tel:" it will launch the default dialer. And if your phone/carrier supports this code, it will start the data wipe.

tel:[wipecode] can be placed into a QR code as a URL data type. Depending on the QR scanning software you use, it may or may not immediately process the URL. A security-aware QR code scanner should first show you the result of the scan, and then allow you to proceed via a user-interaction.

It would also appear that browser choice makes a difference here. Opera does not support launching the dialer when it sees a tel: so even if the phone/carrier combo is vulnerable, you won't be damaged if you use Opera.

But the real solution is to patch the phone's radio firmware so that the wipe code is disabled. Either that or have the firmware prompt for the phone's MSL number before wiping.
__________________

The good thing about science is that it's true whether or not you believe in it. -Neil deGrasse Tyson

Help me out: Sign up with Dropbox and we both get 500MB extra space. Thanks!
novox77 is offline  
Last edited by novox77; September 26th, 2012 at 10:13 AM.
Reply With Quote
The Following 2 Users Say Thank You to novox77 For This Useful Post:
9to5cynic (September 26th, 2012), strider70 (September 26th, 2012)