by a Thinker, Sailor, Blogger, Irreverent Guy from Madras

Android phone SIM card and Data can be wiped out by Hackers


A security weakness that can enable a hacker to wipe entire data from an Android phone has been discovered.  The exploit seems to be targeted towards the currently popular Samsung smartphones, although HTC, Motorola, Sony Ericsson and every other smartphone using Android is vulnerable.

The good news is that Google has issued a fix for the Andorid OS.

The security flaw is present on all Android Versions 2.3.x (Ginger Bread), 3.x (Honeycomb), 4.0.x (Ice Cream Sandwich) and 4.1.x (Jelly Bean).

The exploit can enable an attacker to do two things:
  • Kill your SIM card permanently, or
  • Wipe all data from the phone remotely.
The exploit uses the USSD codes - Unstructured Supplementary Service Data - which are used for WAP browsing, prepaid callback and mobile money services.  USSD is usually used by pre-paid cell phone users to enquire about balance available on their account and possibly real-time updates from social networking sites - FaceBook and Twitter especially.

Users of AirTel money in India take note - AirTel money uses USSD service.
The problem is the exploit doesn’t need any user interaction - that is, to press yes/accept - to do its dirty work.

So, what are the solutions?

  • Update your device - if you can do it;
  • Hope your operator or manufacturer sends you the auto-update. Until then, say your prayers and use your device with caution.
    :-D

    OTOH, to take another view, why would a hacker wipe out your data or render your SIM inoperable?  He wants to make or take money off you - not put you off his network.

    security-experts-find-new-android-os-vulnerabilities
    (image courtesy socialbarrel.com)


  • No comments:

    Post a Comment

    Support - Donate

    Your Blog is

    Donate thro ECWID

    Contact Form