Go Back   Android Forums > Android Phones > Samsung Galaxy Prevail

Like Tree4Likes
  • 1 Post By Shabbypenguin
  • 2 Post By Shabbypenguin
  • 1 Post By Lordvincent 90

test: Reply
 
LinkBack Thread Tools
Old September 25th, 2012, 12:28 PM   #1 (permalink)
ROM Developer
Thread Author (OP)
 
Shabbypenguin's Avatar
 
Join Date: Mar 2011
Gender: Male
Posts: 5,270
 
Device(s): Nexus 5
Carrier: Sprint

Thanks: 353
Thanked 4,944 Times in 2,039 Posts
Default PSA: Watch what sites you load

Some of you may have heard the big news, there is a bit of html code that can remotely do a factory reset on your device while browsing around without your consent or way to stop it. the website has to have it setup and has to the stock web browser. since this exploit was released into the public it is unknown on if any sites may "maliciously" add it in. i cant confirm or deny that this device may be subject to this exploit, but its for teh best that you know anyways.

the code can be viewed via a frame on a website, so some jerk posting the html code into a comment isnt gunna make the site screw your phone up. so it has to be setup to run the exploit, but since it is only a few lines im sure a few sites already have ill intentions. Exploit test should show if you are vulnerable

so far it seems its only samsung devices that are affected but many more could be.

Update

Confirmed you guys are exploitable http://i.imgur.com/UFfxj.png

now this means that on a stock rom dialer codes can be tripped by malicious websites


Quote:
Originally Posted by Shabbypenguin View Post
ok lord vincent did some testing and here is basically a rundown:

may not be of any big concern, everyone is ranting about the sgs3 reset code since even the sgs2 has a diff code to reset it it means that the "exploit" may be on many devices but in order to effectively target them you would have to have every dialer code for every phone and i dont see that happening.

a more likley solution is someone who knows of lets say the prevail, builds a new site that gets a lot of google hits like prevailcyanogenmod9.com or something of teh sort and expects prevail owners to pull it up on their device

so while your chances of being hijacked by this are VERY slim. this is all the more reason on why you should be doing regular nandroids and saving to your computer in the event something does happen

Advertisements
__________________
Enjoy my work?
Donate here

Know an unloved device? swing by our new forums
Shabbypenguin is offline  
Last edited by Shabbypenguin; September 25th, 2012 at 04:22 PM.
Reply With Quote
The Following 7 Users Say Thank You to Shabbypenguin For This Useful Post:
cwhatever (September 25th, 2012), DarkJedi (September 26th, 2012), Lordvincent 90 (September 25th, 2012), mysticspiral (October 27th, 2012), The~Skater~187 (September 25th, 2012), tube517 (September 25th, 2012), wyelkins (September 29th, 2012)
sponsored links
Old September 25th, 2012, 01:14 PM   #2 (permalink)
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
 
Lordvincent 90's Avatar
 
Join Date: Oct 2011
Location: grand rapids,mi
Gender: Male
Posts: 4,742
 
Device(s): Galaxy Prevail, Galaxy Prevail II, Kyocera Hydro, Nexus 7 (Grouper), Galaxy rush, Htc One SV
Carrier: of the deadly t-virus

Thanks: 1,691
Thanked 2,384 Times in 1,661 Posts
Default

Pm me the link. I just made a backup I'll be A test dummy
__________________
(ノಠ益ಠ)ノ彡┻━┻
Lordvincent 90 is online now  
Reply With Quote
The Following User Says Thank You to Lordvincent 90 For This Useful Post:
cwhatever (September 25th, 2012)
Old September 25th, 2012, 03:07 PM   #3 (permalink)
Life Goes On
 
cwhatever's Avatar
 
Join Date: Mar 2012
Location: south central fla
Gender: Male
Posts: 2,896
 
Device(s): galaxy s3 rooted on wicked or carbon, galaxy prevail ctmod 3.8 ssm(mp3 player)
Carrier: Boost Mobile

Thanks: 532
Thanked 745 Times in 553 Posts
Default

Quote:
Originally Posted by Lordvincent 90 View Post
Pm me the link. I just made a backup I'll be A test dummy
Yeah then let us know the results. Thx.
__________________
EVERYTHING HAPPENS FOR A REASON/TODAY IS THE LAST DAY BEFORE TOMORROW SO USE IT WISELY !!!!!!!!! Thanks Button Is The Right Thing To Do!!
The One Who Dies With The Most Toys WINS
At First If You Don't Succeed Try Try Again & Ask"S
http://androidforums.com/Site-Rules/Guidelines
cwhatever is online now  
Reply With Quote
Old September 25th, 2012, 03:29 PM   #4 (permalink)
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
 
Lordvincent 90's Avatar
 
Join Date: Oct 2011
Location: grand rapids,mi
Gender: Male
Posts: 4,742
 
Device(s): Galaxy Prevail, Galaxy Prevail II, Kyocera Hydro, Nexus 7 (Grouper), Galaxy rush, Htc One SV
Carrier: of the deadly t-virus

Thanks: 1,691
Thanked 2,384 Times in 1,661 Posts
Default

It did enter a dialer code, but the code didn't do anything
( *2767*3855#)

I tried with stock and half ass rom.

I guess we're safe
Lordvincent 90 is online now  
Reply With Quote
The Following User Says Thank You to Lordvincent 90 For This Useful Post:
cwhatever (September 25th, 2012)
Old September 25th, 2012, 03:33 PM   #5 (permalink)
ROM Developer
Thread Author (OP)
 
Shabbypenguin's Avatar
 
Join Date: Mar 2011
Gender: Male
Posts: 5,270
 
Device(s): Nexus 5
Carrier: Sprint

Thanks: 353
Thanked 4,944 Times in 2,039 Posts
Default

ok lord vincent did some testing and here is basically a rundown:

may not be of any big concern, everyone is ranting about the sgs3 reset code since even the sgs2 has a diff code to reset it it means that the "exploit" may be on many devices but in order to effectively target them you would have to have every dialer code for every phone and i dont see that happening.

a more likley solution is someone who knows of lets say the prevail, builds a new site that gets a lot of google hits like prevailcyanogenmod9.com or something of teh sort and expects prevail owners to pull it up on their device

if you give me the dialer codes for this device ill make a page to test, im not gunna use teh factory reset one ill use something like debug menu etc

so while your chances of being hijacked by this are VERY slim. this is all the more reason on why you should be doing regular nandroids and saving to your computer in the event something does happen

edit: bah thats what i get for typing up a long explanation, LV already replied :P
Lordvincent 90 likes this.
Shabbypenguin is offline  
Reply With Quote
The Following 3 Users Say Thank You to Shabbypenguin For This Useful Post:
cwhatever (September 25th, 2012), Lordvincent 90 (September 25th, 2012), wyelkins (September 29th, 2012)
Old September 25th, 2012, 03:37 PM   #6 (permalink)
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
 
Lordvincent 90's Avatar
 
Join Date: Oct 2011
Location: grand rapids,mi
Gender: Male
Posts: 4,742
 
Device(s): Galaxy Prevail, Galaxy Prevail II, Kyocera Hydro, Nexus 7 (Grouper), Galaxy rush, Htc One SV
Carrier: of the deadly t-virus

Thanks: 1,691
Thanked 2,384 Times in 1,661 Posts
Default

Yea but u explained it much better...

Didn't mean to step on your toes
Lordvincent 90 is online now  
Reply With Quote
Old September 25th, 2012, 03:40 PM   #7 (permalink)
ROM Developer
Thread Author (OP)
 
Shabbypenguin's Avatar
 
Join Date: Mar 2011
Gender: Male
Posts: 5,270
 
Device(s): Nexus 5
Carrier: Sprint

Thanks: 353
Thanked 4,944 Times in 2,039 Posts
Default

Quote:
Originally Posted by Lordvincent 90 View Post
Yea but u explained it much better...

Didn't mean to step on your toes
oh man no toes stepped on, i posted about this in hopes to get awareness like i did with the ZTE backdoor :P

anyways http://www.shabbypenguin.com/data will load up the exploit targeted towards the prevail it wont wipe ya :P.

updated op
Shabbypenguin is offline  
Last edited by Shabbypenguin; September 25th, 2012 at 04:13 PM.
Reply With Quote
The Following User Says Thank You to Shabbypenguin For This Useful Post:
The~Skater~187 (September 25th, 2012)
Old September 25th, 2012, 04:47 PM   #8 (permalink)
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
 
Lordvincent 90's Avatar
 
Join Date: Oct 2011
Location: grand rapids,mi
Gender: Male
Posts: 4,742
 
Device(s): Galaxy Prevail, Galaxy Prevail II, Kyocera Hydro, Nexus 7 (Grouper), Galaxy rush, Htc One SV
Carrier: of the deadly t-virus

Thanks: 1,691
Thanked 2,384 Times in 1,661 Posts
Default

I was wrong... The one i was thinking of us ##72786# and it only does some update... Nothing gets deleted

Edit-and still requires you to enter your msl! That may be what saves us... Most hidden menu functions ask for your msl (ps this code is what they gave my sister to fix her phone. It randomly stopped receiving/sending phone calls bit 3g still worked... Not sure what it changes, but it restored her ability to use this phone as a phone)
Lordvincent 90 is online now  
Last edited by Lordvincent 90; September 26th, 2012 at 12:44 AM.
Reply With Quote
Old September 25th, 2012, 04:57 PM   #9 (permalink)
ROM Developer
Thread Author (OP)
 
Shabbypenguin's Avatar
 
Join Date: Mar 2011
Gender: Male
Posts: 5,270
 
Device(s): Nexus 5
Carrier: Sprint

Thanks: 353
Thanked 4,944 Times in 2,039 Posts
Default

Quote:
Originally Posted by Lordvincent 90 View Post
I was wrong... The one i was thinking of us ##72786# and it only does some update... Nothing gets deleted
still stands you guys are suseptible to teh exploit, as is teh admire and ZTE warp so im gunna leave this thread here. you guys are lucky enough to have a solid cm rom but i imagine a lot of phones that this attacks wont be as lucky. since cm doenst let you use dialer codes
Shabbypenguin is offline  
Reply With Quote
Old September 25th, 2012, 05:01 PM   #10 (permalink)
Life Goes On
 
cwhatever's Avatar
 
Join Date: Mar 2012
Location: south central fla
Gender: Male
Posts: 2,896
 
Device(s): galaxy s3 rooted on wicked or carbon, galaxy prevail ctmod 3.8 ssm(mp3 player)
Carrier: Boost Mobile

Thanks: 532
Thanked 745 Times in 553 Posts
Default

Quote:
Originally Posted by Shabbypenguin View Post
still stands you guys are suseptible to teh exploit, as is teh admire and ZTE warp so im gunna leave this thread here. you guys are lucky enough to have a solid cm rom but i imagine a lot of phones that this attacks wont be as lucky. since cm doenst let you use dialer codes
so ct mod doesn't let you use the dialer after 2.4 or something. so that is safe too then?
cwhatever is online now  
Reply With Quote
sponsored links
Old September 25th, 2012, 10:41 PM   #11 (permalink)
Senior Member
 
Rarewolf's Avatar
 
Join Date: Jan 2012
Location: CaliFornia, Azusa
Posts: 1,110
 
Device(s): Samsung Galaxy Prevail Sisters Samsung Ultra Samsung Galaxy S Captivate
Carrier: Not Provided

Thanks: 196
Thanked 140 Times in 105 Posts
Send a message via Yahoo to Rarewolf
Default

What if we get rid of hidden menu?
I don't really use it. And Idk what i would need it for.
__________________
And Now im Proud Of Cyber Green
themes For CTMod
Rarewolf is offline  
Reply With Quote
Old September 25th, 2012, 11:05 PM   #12 (permalink)
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
 
Lordvincent 90's Avatar
 
Join Date: Oct 2011
Location: grand rapids,mi
Gender: Male
Posts: 4,742
 
Device(s): Galaxy Prevail, Galaxy Prevail II, Kyocera Hydro, Nexus 7 (Grouper), Galaxy rush, Htc One SV
Carrier: of the deadly t-virus

Thanks: 1,691
Thanked 2,384 Times in 1,661 Posts
Default

That would work, but you should probably try freezing it first
(i think you need it for system/prl/data profile updates)

If you don't have titanium backup, you can use 'app quarantine'. It's free on the play store
Lordvincent 90 is online now  
Reply With Quote
Old September 26th, 2012, 12:34 AM   #13 (permalink)
Junior Member
 
Join Date: Aug 2012
Posts: 38
 
Device(s):
Carrier: Not Provided

Thanks: 2
Thanked 17 Times in 12 Posts
Default

Hmm, it shows shrimps jammin' on the jimjam on my laptop but on my phone it shows a page to enter my msl? I used the xscope browser, so the exploit seems to work with that too. Yikes! If I remove the stock browser, it would break several apps that depend on it like geniewidget.apk, voicesearch.apk, plus quicksearchbox.apk & voicedialer.apk (both depends on voicesearch.apk). All of these apps will force close when the browser is removed.
titetanium is online now  
Reply With Quote
Old September 26th, 2012, 06:54 AM   #14 (permalink)
ROM Developer
Thread Author (OP)
 
Shabbypenguin's Avatar
 
Join Date: Mar 2011
Gender: Male
Posts: 5,270
 
Device(s): Nexus 5
Carrier: Sprint

Thanks: 353
Thanked 4,944 Times in 2,039 Posts
Default

Quote:
Originally Posted by titetanium View Post
Hmm, it shows shrimps jammin' on the jimjam on my laptop but on my phone it shows a page to enter my msl? I used the xscope browser, so the exploit seems to work with that too. Yikes! If I remove the stock browser, it would break several apps that depend on it like geniewidget.apk, voicesearch.apk, plus quicksearchbox.apk & voicedialer.apk (both depends on voicesearch.apk). All of these apps will force close when the browser is removed.
the way i setup the code is it loads two frames one being my homepage at shabbypenguin.com (where the flash animation comes in) and the other frame contains the "exploit"
Shabbypenguin is offline  
Reply With Quote
Old September 26th, 2012, 07:01 AM   #15 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: So-Cal
Gender: Male
Posts: 7,191
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,895
Thanked 3,209 Times in 2,116 Posts
Default

Quote:
Originally Posted by cwhatever View Post
so ct mod doesn't let you use the dialer after 2.4 or something. so that is safe too then?

After 2.5


Quote:
Originally Posted by Lordvincent 90 View Post
I was wrong... The one i was thinking of us ##72786# and it only does some update... Nothing gets deleted

Edit-and still requires you to enter your msl! That may be what saves us... Most hidden menu functions ask for your msl (ps this code is what they gave my sister to fix her phone. It randomly stopped receiving/sending phone calls bit 3g still worked... Not sure what it changes, but it restored her ability to use this phone as a phone)
I think that updates the MMS settings. That is code I used to fix my MMS on the Marquee.
__________________
Is there a reason you're not rooted yet??
Do the right thing and hit THANKS!
wetbiker7 is online now  
Last edited by wetbiker7; September 26th, 2012 at 07:05 AM.
Reply With Quote
The Following User Says Thank You to wetbiker7 For This Useful Post:
cwhatever (September 26th, 2012)
Old September 26th, 2012, 10:08 AM   #16 (permalink)
Senior Member
 
The~Skater~187's Avatar
 
Join Date: Oct 2011
Location: Connecticut
Gender: Male
Posts: 1,380
 
Device(s): Prevail}HoneyBread6 /K.K.2.5 w/Ubuntu(chroot) Marquee}MegaTron/Hyper 2.2 w/Ubuntu(chroot) N7}AOKP
Carrier: Your Mom

Thanks: 426
Thanked 459 Times in 272 Posts
theskaterdad187@gmail.com
Default

Tried this on my marquee runnung ctmod 3.6.8 using dolphin Browser and it opened my hidden menu. So I'm guessing that the marquee is vulnerable?
__________________
~<Remember Thanks Goes A Long Way>~
187MoD-HoneyBread + Genocide-Kernels
The~Skater~187 is online now  
Reply With Quote
Old September 26th, 2012, 12:22 PM   #17 (permalink)
Senior Member
 
vce2005's Avatar
 
Join Date: Jun 2012
Location: Clovis, NM
Gender: Male
Posts: 936
 
Device(s): Samsung Galaxy Prevail running FF19 Rooted, CWM or TWRP, CTMod3.75.2 Final, Koumakernel 2.5 Data Mo
Carrier: Boost Mobile

Thanks: 143
Thanked 262 Times in 215 Posts
Default

Saw that on Yahoo news today !

Newly discovered Android security flaw can wipe your phone with the click of a link | Technology News Blog - Yahoo! News

and this one :

Samsung patches remote wipe vulnerability on Galaxy S III | TechHive
vce2005 is offline  
Reply With Quote
Old September 26th, 2012, 01:52 PM   #18 (permalink)
Member
 
DarkJedi's Avatar
 
Join Date: Aug 2011
Posts: 323
 
Device(s): Motorola Moto X, Motorola XOOM 4G, Logitech Revue
Carrier: Republic Wireless

Thanks: 22
Thanked 97 Times in 74 Posts
Default

Yup. Us Proclaim users are vulnerable too. I took Shabbypenguin's test page, posted it on my server, and edited the number to a Verizon Wireless hidden menu code. Sure enough, it launched the hidden page.
DarkJedi is offline  
Last edited by DarkJedi; September 26th, 2012 at 02:08 PM. Reason: Verified
Reply With Quote
Old September 27th, 2012, 11:38 AM   #19 (permalink)
Sunny Vacation Supporter!
 
palmtree5's Avatar
 
Join Date: May 2012
Location: USA
Gender: Male
Posts: 3,373
 
Device(s): HTC One SV, Samsung Galaxy Prevail (retired), Nexus 7 (Gen 1)
Carrier: Boost Mobile

Thanks: 2,245
Thanked 1,899 Times in 999 Posts
Default

USSD Exploit Test This is another test that you could run. Found it on Lifehacker and visited the page on my phone. Shows up with my MEID. CM9
palmtree5 is online now  
Reply With Quote
Old September 27th, 2012, 02:02 PM   #20 (permalink)
ROM Developer
Thread Author (OP)
 
Shabbypenguin's Avatar
 
Join Date: Mar 2011
Gender: Male
Posts: 5,270
 
Device(s): Nexus 5
Carrier: Sprint

Thanks: 353
Thanked 4,944 Times in 2,039 Posts
Default

not to alarm anyone, but while a factory reset dialer code is fairly uncommon with devices, and teh odds of being targetted for that are slim there is however a fairly universal dialer code.

**21#phonenumber

it sets up call forwarding to whatever you use as the phone number. what that means is ytou can go to a site that has this code setup and it will forward all of your calls automatically without you knowing. worse still imagine if they were all.. "adult" phone numbers. people calling you would be charged 1-5 dollars per call depending on how long they try figuring out wtf is going on and recalling.

installing a second dialer program and never setting teh default will add a layer of security, go to teh website and it activates the code and your phone asks which dialer (obviously a warning sign).
wyelkins and Lordvincent 90 like this.
Shabbypenguin is offline  
Reply With Quote
The Following 2 Users Say Thank You to Shabbypenguin For This Useful Post:
Lordvincent 90 (September 27th, 2012), wyelkins (September 29th, 2012)
sponsored links
Old September 27th, 2012, 02:51 PM   #21 (permalink)
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
 
Lordvincent 90's Avatar
 
Join Date: Oct 2011
Location: grand rapids,mi
Gender: Male
Posts: 4,742
 
Device(s): Galaxy Prevail, Galaxy Prevail II, Kyocera Hydro, Nexus 7 (Grouper), Galaxy rush, Htc One SV
Carrier: of the deadly t-virus

Thanks: 1,691
Thanked 2,384 Times in 1,661 Posts
Default

An excellent point!

Right that wiuld be funny... Dad calls and it's all 'how's it going big boy? You want to have some fun?'

That would be PRICELESS (for like 30 seconds)
DarkJedi likes this.
Lordvincent 90 is online now  
Reply With Quote
Old September 29th, 2012, 06:55 PM   #22 (permalink)
Junior Member
 
oopsibrokeit's Avatar
 
Join Date: Mar 2012
Location: Augusta,GA.
Posts: 70
 
Device(s): Samsung Galaxy Prevail,Kindle Fire
Carrier: Not Provided

Thanks: 12
Thanked 7 Times in 6 Posts
Default

Ok so im a little behind here but I went to two test sites for this and both showed me as open to the exploit so I got telstop from the play store which seems to a shorter version of shabbys suggested fix
oopsibrokeit is offline  
Reply With Quote
Old September 29th, 2012, 10:43 PM   #23 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: So-Cal
Gender: Male
Posts: 7,191
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,895
Thanked 3,209 Times in 2,116 Posts
Default

Quote:
Originally Posted by The~Skater~187 View Post
Tried this on my marquee runnung ctmod 3.6.8 using dolphin Browser and it opened my hidden menu. So I'm guessing that the marquee is vulnerable?

Yep, tried it on my Marquee running CTMod. A screen with my MEID popped up. Damn!
wetbiker7 is online now  
Reply With Quote
Old September 30th, 2012, 08:23 AM   #24 (permalink)
Life Goes On
 
cwhatever's Avatar
 
Join Date: Mar 2012
Location: south central fla
Gender: Male
Posts: 2,896
 
Device(s): galaxy s3 rooted on wicked or carbon, galaxy prevail ctmod 3.8 ssm(mp3 player)
Carrier: Boost Mobile

Thanks: 532
Thanked 745 Times in 553 Posts
Default

In the lounge someone suggested adding another dialer, I did that and when I run these tests it asks which dialer to use, but doesn't affect me making or recieving calls. Would this be a fix too?
cwhatever is online now  
Reply With Quote
Old September 30th, 2012, 11:06 PM   #25 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: So-Cal
Gender: Male
Posts: 7,191
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,895
Thanked 3,209 Times in 2,116 Posts
Default

Quote:
Originally Posted by cwhatever View Post
In the lounge someone suggested adding another dialer, I did that and when I run these tests it asks which dialer to use, but doesn't affect me making or recieving calls. Would this be a fix too?
Yep, I've already tried that and it works.
wetbiker7 is online now  
Reply With Quote
Reply

Samsung Galaxy Prevail
Current Rating:
Rate this Phone:

The Samsung Galaxy Prevail is an entry level device for Boost Mobile. Unlike some of it's Galaxy S cousins, you wont find some of the higher end "Galaxy S" features and it doesn't have the familiar TouchWhiz interface seen on so m... Read More



Go Back   Android Forums > Android Phones > Samsung Galaxy Prevail
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 07:26 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.