12/09/2012 20:18 | By Matt Farrington-Smith, editor, MSN Tech & Gadgets

Clicking on this link will KILL your phone

All the details on that lethal website URL that will wipe all data on Android mobile phones.



An attack triggered by visiting a malicious web page has the power to wipe data from Samsung Android devices and disable SIM cards.
 

A leathal code has the ability to wipe all data on Android mobile phones.

An example of a malicious code being loaded.

How does it work?

The kill command is triggered by visiting a rogue web page - upon doing so a command will be sent to your phone and instruct it to open its dialler (the dialler is used to make phone calls). Upon doing this a special sort of telephone number URI (uniform resource identifier), followed by a factory reset code, is invoked using an iFrame.

A vulnerable mobile phone will tell the dialler to execute the code - requiring no input on the users part. This stage is perhaps the most chilling; if we were to make a phone call ourselves the handset would wait for us to press "dial". In the case of this exploit your phone will carry out the command without us ever knowing.

Tech fact: The factory reset command (or kill command) is transmitted via USSD code.


 

Who is affected?

Some of the reports we've seen so far include the following Samsung Android devices: Samsung Galaxy S III, Galaxy S II, Galaxy Beam, S Advance and Galaxy Ace).

Google has already released an over-the-air patch for its own, unlocked Galaxy Nexus devices. All Galaxy Nexus devices should now all be running at least Android 4.1.1 (Jelly Bean).

We're also hearing that the attack can also affect SIM cards.

How was it discovered?

Details of this fatal smartphone exploit were uncovered by Ravishankar Borgaonkar from the Technical University of
Berlin. Borgaonkar demonstrated the attack and also detailed that the kill code can transferred via NFC (near field
communication) or by scanning a QR code.

What can you do?

Luckily there are some steps you can take to protect yourself against such an occurrence.

The TelStop app will prevent your phone from automatically launching its dialler to carry out the fatal kill command. You can download this from the Play Store.

And with any modern smartphone it is advisable to secure your mobile by installing something like Sophos Mobile Security (also available in the Play Store).

Check out - the best robot vacuum cleaners

1Comment
Report
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
Categories
100 character limit
Are you sure you want to delete this comment?