NIST Cybersecurity Framework v1.0 – Key Takeaways

Samsung Galaxy SII and SIII: Prone to a New Security Vulnerability
In a recent demonstration by a security researcher, it was found out that Samsung Galaxy SII and SIII smart phones were vulnerable to being remotely wiped off their memory. In this regard, for the owners of these devices the precursor is here, you may want to watch your ways, especially when opening internet links that you receive through QR, NFC or Push messages.

A researcher in the Security in Communications department at Technical University Berlin, Ravi Borgaonkar, manifested this particular vulnerability at the Ekoparty security conference, Argentina. According to him, the manner in which the devices make use of Unstructured Supplementary Service Data leaves them conveniently open to exploitation through a single line of malicious code embedded in a web page. The Unstructured Supplementary Service Data (also USSD) is basically what is used to transmit messages between an application server and a phone.

How does that work?
The malicious code as discussed above can be made use of in order to trigger the factory reset for the Galaxy SIII device. If the code is embedded in a single frame it will automatically lead a factory reset that does not have to be initiated by the user. Nonetheless, merely browsing a website with the embedded code does not result in triggering the reset, rather opening it through NFC, WAP Push SMS or QR does. As soon as the website link in the message opens, the wipe is started.

The techie take
Some techie responded rather optimistically to the news and thought that the weakness would not do much damage. The underlying argument was that many hackers will not go into frenzy over wiping a few phones, considering many consumers use Cloud Backups with their devices and it will be an exercise in futility as the users will simply be able to reverse the oh-so clever move. Still, the concern was that is there anything more that can come out from this exploit, because if there is than not opening a link that you didn’t call for would be a better idea.

The company’s response
Following the entire kerfuffle over the issue, Samsung finally responded and claimed that the issue was resolved. A spokesperson from the South Korean company explained that the vulnerability was now patched but failed to mention when exactly was it fixed and which version of the software was secure for now.

All that was given out was an assurance to the consumers that the recently discovered security weakness concerning Galaxy SIII was patched through a software update, recommending all the users of this device to download the latest software update. It can be done simply and rapidly using the over the air service, according to the company.

 While that might be a reason for Galaxy SIII owners to sleep well at nights, what about the ones with other smart phones, the SII inclusive. According to the rumors the problem stemmed out from the TouchWiz UI as opposed to merely the Galaxy SIII. Well, the company has not responded in this vein, so for now, the Galaxy SIII users who feel reassured can sleep well and others can, perhaps take pill or go on trying to dodge the bullets of this demon as they do Android spy apps, mobile spy software and the like.

Author Bio: James Clark has been in the business of providing quality information on cell phone monitoring for a while now. He's an expert at all things spyware, but his main forte is iPhone spyware which has captured the interest of many.