Android’s dialer is behind the remote wipe vulnerability, Google knew three months ago
Posted in: Today's Chili
Yesterday it was discovered that a simple URL could completely wipe a whole range of Samsung phones. At the time, it was thought that the flaw was part of Samsung’s Touchwiz UI. Although the specific flaw was patched by Samsung, we may not have seen the end of the vulnerability. Dylan Reeve writes that the original flaw isn’t limited to Samsung devices, but is instead the problem comes from the Android dialer itself. Reports show that the HTC One X and the Motorola Defy both have the vulnerability. What’s worse is that the problem was identified and patched three months ago, but Android updates comes so rarely that even high-end phones can still be wiped by clicking on a link.
By Ubergizmo. Related articles: NFC-enabled Android and Nokia phones vulnerable to hijacking, DARPA awards $21.4 million contract to Invincea to make Android more secure,
