Cellphones using Google’s Android operating system are at risk of being disabled or wiped clean of their data, including contacts, music and photos, because of a security flaw that was discovered several months ago but went unnoticed until now.
Opening a link to a Web site or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC Corp (宏達電), Motorola and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post on Friday.
Another code that can erase a user’s data by performing a factory reset of the device appears to target only the newly released and top-selling Galaxy S III and other Samsung phones, he wrote.
Borgaonkar informed Google of the vulnerability in June, he said.
A fix was issued quickly, he said, but it was not publicized, leaving smartphone owners largely unaware that the problem existed and how they could fix it.
Google declined to comment. Android debuted in 2008 and now dominates the smartphone market.
Nearly 198 million smartphones using Android were sold in the first six months of this year, according to the research firm IDC. About 243 million Android-equipped phones were sold last year, IDC said.
Versions of Android that are vulnerable include Gingerbread, Ice Cream Sandwich and Jelly Bean, according to Borgaonkar. He said the Honeycomb version of Android, designed for tablets, needs to be tested to determine if it is at risk as well.
Samsung, which makes most of the Android phones, said only early production models of the Galaxy S III were affected and a software update has been issued for that model.
The company said it is conducting an internal review to determine if other devices are affected and what, if any, action is needed. Samsung said it is advising customers to check for software updates through the “Settings: About device: Software update” menu available on Samsung phones.
Borgaonkar, a researcher at Germany’s Technical University Berlin, said the bug works by taking advantage of functions in phones that allow them to dial a telephone number directly from a Web browser.
However, that convenience comes with risk. A hacker, or anyone with ill intent, can create a Web site or an app with codes that instruct the phones linking to those numbers to execute commands automatically, such as a full factory reset.
While Borgaonkar has drawn attention to the problem, it is unclear how useful the vulnerability would be to cybercriminals who are primarily interested in profits or gaining a competitive advantage, said Jimmy Shah, a mobile security researcher at McAfee.
“There’s no benefit to the attacker if they can’t make money off it or they can’t steal your data,” Shah said.
However, the technique could cause huge headaches if it were harnessed to issue outbound phone calls, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland.
Until US President Donald Trump’s return a year ago, when the EU talked about cutting economic dependency on foreign powers — it was understood to mean China, but now Brussels has US tech in its sights. As Trump ramps up his threats — from strong-arming Europe on trade to pushing to seize Greenland — concern has grown that the unpredictable leader could, should he so wish, plunge the bloc into digital darkness. Since Trump’s Greenland climbdown, top officials have stepped up warnings that the EU is dangerously exposed to geopolitical shocks and must work toward strategic independence — in defense, energy and
For the second year in a row, a Brazilian movie has wowed international audiences and critics, securing multiple Oscar nominations and drawing fresh interest in the Latin American giant’s film industry. Experts say the success of The Secret Agent, which has won four Oscar nominations, a year after I Am Still Here won Brazil its first Oscar, is no fluke, with a bit of a push from the country’s political climate. “This is neither a coincidence nor a miracle. It is the result of a lot of work, consistent policies, and, of course, talent,” Ilda Santiago, director of the Rio International Film
AI SPLURGE: The four major US tech companies have lost more than US$950 billion in value since releasing earnings and outlooks, while equipment makers were gaining Four of the biggest US technology companies together have forecast capital expenditures that would reach about US$650 billion this year — a flood of cash earmarked for new data centers and all the gear within them. The spending planned by Alphabet Inc, Amazon.com Inc, Meta Platforms Inc and Microsoft Corp, all in pursuit of dominance in the still-nascent market for artificial intelligence (AI) tools, is a boom without a parallel this century. Each of the companies’ estimates for this year is expected either near or surpass their budgets for the past three years combined. They would set a high-watermark for capital spending
IShowSpeed, a 21-year-old African-American influencer, has raced a cheetah, leapt with Maasai warriors and drawn huge crowds in a month-long tour of Africa that has also busted cliches about the continent. The YouTube and Twitch star’s tour, which started on Dec. 29 last year, took him to 20 countries, showing his tens of millions of followers a different side of Africa as he visited a diamond mine in Botswana, discovered Ethiopia’s rich cuisine and attended the Africa Cup of Nations football final in Morocco. IShowSpeed — born in Cincinnati, Ohio as Darren Jason Watkins Jr. — is one of the most followed
RSS