A remote-wipe vulnerability that initially only affected certain models of Samsung phones seems to be spreading to other devices running Google's Android. Could you explain how this Android remote-wipe vulnerability works and how users can protect themselves from it?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
First identified for recent Samsung smartphones, the remote-wipe vulnerability targeting Android devices allows a malicious webpage to wipe all the data off a device by issuing a factory-reset command.
The factory-reset command functionality was probably added to aid in support and deployment scenarios where a phone must be reset to the factory defaults to recover from a broken operating system or otherwise reset to the original settings. This functionality was present before smartphones, back to when phones only had the standard dialing pad to program the device. The basic functionality to dial a phone number from a webpage aids users with calling phone numbers on webpages rather than directly dialing the phone number. Users could fall victim to this vulnerability by accidently clicking on a link that dials the malicious phone number to trigger the factory-reset command. This factory-reset command should require an additional authorization or prompt before starting the factory reset.
Android users can protect themselves by using an antimalware or security program designed to protect against these types of attacks. There have been calls for Samsung to issue an update for this vulnerability, but even if Samsung provided a timely update, the cellular carriers would most likely be the ones to push the update to all of the phones. Carriers are slow to push out updates because of the complexity and effort it requires. A carrier pushing this update out is like an enterprise trying to patch all of the systems on its network, so users might want to have another security control in place to help protect their smartphone in the meantime.
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading
Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which ... Continue Reading
Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.