A remote-wipe vulnerability that initially only affected certain models of Samsung phones seems to be spreading...
to other devices running Google's Android. Could you explain how this Android remote-wipe vulnerability works and how users can protect themselves from it?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
First identified for recent Samsung smartphones, the remote-wipe vulnerability targeting Android devices allows a malicious webpage to wipe all the data off a device by issuing a factory-reset command.
The factory-reset command functionality was probably added to aid in support and deployment scenarios where a phone must be reset to the factory defaults to recover from a broken operating system or otherwise reset to the original settings. This functionality was present before smartphones, back to when phones only had the standard dialing pad to program the device. The basic functionality to dial a phone number from a webpage aids users with calling phone numbers on webpages rather than directly dialing the phone number. Users could fall victim to this vulnerability by accidently clicking on a link that dials the malicious phone number to trigger the factory-reset command. This factory-reset command should require an additional authorization or prompt before starting the factory reset.
Android users can protect themselves by using an antimalware or security program designed to protect against these types of attacks. There have been calls for Samsung to issue an update for this vulnerability, but even if Samsung provided a timely update, the cellular carriers would most likely be the ones to push the update to all of the phones. Carriers are slow to push out updates because of the complexity and effort it requires. A carrier pushing this update out is like an enterprise trying to patch all of the systems on its network, so users might want to have another security control in place to help protect their smartphone in the meantime.
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.