Context Researchers discover SMS-based vulnerabilities in Samsung Galaxy devices
Android phones are still vulnerable to SMS-based attacks according to researchers at Context Information Security. One of the bugs found by Context in older models of Samsung Galaxy devices could be triggered remotely and rendered the device unusable until a factory reset was performed, leaving users open to ransomware attacks. The vulnerability was triggered by the type of SMS messages sent by manufacturers and network operators for configuring carrier and other device configuration settings.
While Context alerted the Samsung Mobile Security Team who were quick to fix the problem and release a security update, the researchers believe that it is likely similar vulnerabilities exist in other Android devices. A detailed blog describing the vulnerabilities has been published today at: https://www.contextis.com/resources/blog/wap-just-happened-my-samsung-galaxy/
“Modern mobile devices are generally difficult for attackers to exploit due to increasing protection offered by the operating systems, but all phones still rely on old, complex technologies for basic functionality that are often poorly understood and documented, leaving room for bugs and ambiguities to exist,” said Neil Biggs, Head of Research at Context. “The complexity of exploiting Android devices has escalated to the point where an attacker usually requires a chain of bugs to achieve the desired effect and just looking at one specific technology we found four separate bugs.”
The vulnerabilities are borne out of WAP Push functionality, which allows content to be pushed to a mobile device with minimal or no user intervention using SMS. WAP or the Wireless Application Protocol, has been in public operation since 1999 and it is WDP (Wireless Datagram Protocol), part of the WAP suite, which provides the transport layer to move data between two endpoints or specific ports.
“WAP Push can be used to transport data for a multitude of applications but it was the Open Mobile Alliance Client Provisioning (OMA CP) protocol that allows remote device provisioning and configuration, which was the one that caught our eye and led to the discovering of the vulnerabilities,” said Tom Court, a Senior Researcher at Context.