Slashdot Mirror


Remote Attackers Can Force Samsung Galaxy Devices Into Never-Ending Reboot Loop (helpnetsecurity.com)

Orome1 quotes a report from Help Net Security: A single SMS can force Samsung Galaxy devices into a crash and reboot loop, and leave the owner with no other option than to reset it to factory settings and lose all data stored on it. This is because there are certain bugs in older Samsung Galaxy phones and tablets that can be triggered via SMS, and used by attackers to force maliciously crafted configuration messages onto the users' device. The bugs allow these types of messages to be executed without user interaction. As the ContextIS researchers who discovered the vulnerabilities explained, this avenue of attack can be abused by crooks to hold users' devices for ransom. "First a ransom note is sent, if ignored then the malicious configuration message can be sent," they noted. If the victim pays up, a configuration message can later be sent to stop the rebooting. The vulnerabilities in question, CVE-2016-7988 and CVE-2016-7989, can be triggered through SMS on the S4, S4 Mini, S5 and Note 4, but not on newer Samsung devices. "It's worth noting that although newer phones such as the S6 and S7 aren't affected over the air, [a similar result] could be accomplished by a malicious app abusing CVE-2016-7988," they added. These specific issues are related to modifications Samsung made to the Android telephony framework and are found in a Samsung-specific application for handling carrier messages. They've since been patched (November 2016).

7 of 71 comments

  1. Post the solution then? by Beamer145 · · Score: 4, Interesting

    "leave the owner with no other option than to reset it to factory settings" vs "configuration message can later be sent to stop the rebooting" -> Why not just publish the config message then so the attack becomes useless?

  2. Fitness for purpose? by DeplorableCodeMonkey · · Score: 5, Insightful

    When a product can be literally rendered unusable through this level of epic fail, it stands to reason that the product was so defective that the customer could not rely on it. Warranty period or not, this is the sort of thing that the government should say "it should never have been built this way, fix it" since we're not talking about the S1 here.

    1. Re:Fitness for purpose? by SeaFox · · Score: 2

      Warranty period or not, this is the sort of thing that the government should say "it should never have been built this way, fix it" since we're not talking about the S1 here.

      A way of changing device configuration that cannot be stopped by the user... sounds like what the government wanted from Apple so they could brute-force the passcode for locked devices.

    2. Re:Fitness for purpose? by AmiMoJo · · Score: 2

      It's been patched. Maybe they could offer free recovery but it seems like no one has actually been affected.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Endless reboot, eh? by Provocateur · · Score: 4, Funny

    At least it's not going to explo

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  4. Post the attack by wisebabo · · Score: 2

    I'm curious. Does this attack really work? Does the defense really work?

    If the researchers have an effective attack AND an effective defense why not release both so that we can try it? Aren't there some Samsung users out there (okay all of them) that you'd like to annoy?

    (Sorry, but with the way things are going, being sociopathic is now in vogue)

  5. Re:Best description of the actual attack so far by pope1 · · Score: 2

    https://www.contextis.com/resources/blog/wap-just-happened-my-samsung-galaxy/

    --
    /* * pope1 */