Samsung Android Hole Also Leaves SIM Cards Vulnerable

Lucian Constantin, IDG:

Several Samsung Android devices, including Samsung Galaxy S III, Galaxy S II, Galaxy Beam, S Advance, and Galaxy Ace were reported to be vulnerable because they supported the special factory reset code.

Borgaonkar showed that a device can be forced to automatically open a link to such a page by touching a NFC-enabled phone to a rogue NFC tag, by scanning a QR code or by including the link in a special service message. However, an attacker can also include the link in a Twitter feed, SMS or an e-mail message and trick the victim to manually click on it.

Any evidence yet that this exploit is being used in the wild?

Monday, 1 October 2012