PSA: Watch what sites you load


  1. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    Some of you may have heard the big news, there is a bit of html code that can remotely do a factory reset on your device while browsing around without your consent or way to stop it. the website has to have it set up and it has to be the stock web browser. since this exploit was released into the public it is unknown if any sites may "maliciously" add it in. i can't confirm or deny that this device may be subject to this exploit, but it's for the best that you know anyways.

    the code can be viewed via a frame on a website, so some jerk posting the html code into a comment isn't gunna make the site screw your phone up. so it has to be set up to run the exploit, but since it is only a few lines i'm sure a few sites already have ill intentions. if anyone would like to test their device with the exploit i have a secret page set up that i have been testing my devices on. if it doesn't affect your device then i'll post about it here and everyone can breathe a sigh of relief.

    so far it seems it's only Samsung devices that are affected but many more could be.

    edit: Samsung Prevail, Admire and the ZTE Warp are all susceptible to the core exploit. you can test without wiping your device here

    www.shabbypenguin.com/data
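
A defensive check for the pattern this post describes, as an added example that is not part of the original post or the poster's test page: it scans page markup for frames whose URL hands the dialer a code containing `*` or `#` rather than a plain phone number. The thread does not name the URL scheme, so the `tel:` scheme is an assumption here; the function names and sample markup are constructed, and `##3282#` is the code reported later in this thread.

```javascript
// Added example: flag markup that passes a dialer code to the phone app.
// Elements that can carry a URL; everything except <a> loads it without a tap.
const TAG = /<(iframe|frame|embed|object|a)\b([^>]*)>/gi;
const URL_ATTR = /\b(?:src|data|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

function decodeNumber(raw) {
  // '#' and '*' are usually percent-encoded inside a URL.
  try { return decodeURIComponent(raw); } catch (e) { return raw; }
}

function findDialerTriggers(html) {
  const findings = [];
  for (const m of html.matchAll(TAG)) {
    const tag = m[1].toLowerCase();
    const attr = URL_ATTR.exec(m[2]);
    if (!attr) continue;
    const url = (attr[1] ?? attr[2] ?? attr[3]).trim();
    if (!/^tel:/i.test(url)) continue;          // assumed scheme, see lead-in
    const number = decodeNumber(url.slice(4));
    findings.push({
      tag,
      number,
      autoLoad: tag !== 'a',                    // frames load with no user action
      serviceCode: /[*#]/.test(number),         // dialer code, not a phone number
    });
  }
  return findings;
}

function riskOf(f) {
  if (f.autoLoad && f.serviceCode) return 'block';   // code sent to dialer on page load
  if (f.autoLoad || f.serviceCode) return 'review';
  return 'ok';                                       // ordinary click-to-call link
}

// Constructed sample page: one normal click-to-call link, one frame with a code.
const SAMPLE = `
<p>Call us: <a href="tel:+15555550100">support line</a></p>
<iframe src="tel:%23%233282%23"></iframe>
<frame src="/menu.html">
`;

for (const f of findDialerTriggers(SAMPLE)) {
  console.log(riskOf(f), f.tag, f.number);
}
```
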

  2. alpha0990

    alpha0990 Well-Known Member

    /nget flash fool

    Galaxy Ace

    Lol
  3. alpha0990

    alpha0990 Well-Known Member

    That was with Opera.

    With the stock browser, Dialer was opened with the number: ##3282#
  4. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    on the attain? it didn't enter the debug menu?
  5. alpha0990

    alpha0990 Well-Known Member

    Samsung Galaxy Ace bro. No debug menu with stock browser.

    For Opera see the pic

    [IMG]

    If I click, the dialer opens
  6. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    this only works in the stock browser. i was confused about the device you were using due to this being the attain 4g forums :p

    what happens if in your dialer you dial ##3282#?

    if nothing then you prolly just need a diff dialer code, isn't the ace a gsm device?
  7. alpha0990

    alpha0990 Well-Known Member

  8. MaxOmus

    MaxOmus Well-Known Member

    The Attain is exploitable as well, just tested on stock browser & dolphin, both prompted the dialer.
    Tokenpoke likes this.
  9. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    the dialer showing up is what you want, that's a feature. what you don't wanna see is the hidden menu due to it
  10. Tokenpoke

    Tokenpoke Well-Known Member

    Nice to have ya back shabbs
  11. MaxOmus

    MaxOmus Well-Known Member

    Ok, Check this out... Just to confirm I'll post a couple screens below showing what occurred when I went to your link w/ the stock browser:

    (Ignore the AirDroid toast, it's unrelated. I was using it for the screens)

    [IMG]

    After I clicked on the dialer it took me here:

    [IMG]
