[i9000][i9001][INFORMATION][SECURITY][TMPFIX] Important security hole


Tweak-Man

Member
Jun 30, 2012
26
48
This is important information about a security hole on our Samsung devices.
This hole was discovered by Ravi Borgaonkar at the Ekoparty security conference.

This hole can wipe your phone without asking the user. It can be done by using URLs, SMS, QR codes and NFC.

To check if your device is vulnerable, you can go to this site, and if the phone opens the dialler and displays the IMEI code, you are vulnerable!
http://dylanreeve.com/phone.php

BE VERY CAREFUL, EVEN ROOTED AND CUSTOMIZED DEVICES ARE CONCERNED

Confirmed devices for our section:
  • Samsung Galaxy S [i9000]:
    • with CyanogenMod9 with stock dialer
    • with CyanogenMod10
    • with 2.3.5 XXJVS

EDIT:
Thanks to Yannis100, who found a temporary fix for this.
Just download the application TelStop. Now, every time there is a USSD code that could do something on your phone, it will ask you with which application you want to open the link (the phone (very bad idea) or TelStop).

More information here:
Major security vulnerability Samsung phones could trigger factory reset
and here:
YouTube video

--
If this thread helps you or was useful, please click Thanks ! :good:
 

Yannis100

Member
Jun 27, 2012
24
16
Poliez-Pittet
Hi, thank you for this info.
After testing, I can confirm that my device is vulnerable too. I tried with Firefox and Boat.

For information: a possible way to fix this is to download TelStop on Google Play.

Sent with my HTC One V, MyOneV 5 with Titanium-KISS kernel
 

hughtc

Member
Feb 20, 2011
18
2
Castlemaine
Confirmed with i9000 running CM9's stock dialer.

ROM version: 9.0.0-galaxysmtd.

Test page opens the dialer and displays the IMEI without prompting.

I'm wondering whether part of the issue is that these codes don't require the user to hit the 'dial' button; they execute as soon as the last # is typed.

Someone put forward the idea that 'although that test page may work, you're not vulnerable to the reset hack as that's a TouchWiz specific thing' - as far as I can tell these codes are baked into the phone's firmware at a low level, so a reset is possible on any device that supports the code, irrespective of the ROM / skin it may be running.

The real issue is that it has been exposed via a broken URL handling mechanism, and that broken functionality is not limited to TouchWiz devices.
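
An added example, not part of any post in this thread and not TelStop's actual code: a sketch of the check a tel: link interceptor can run before anything reaches the dialer, separating ordinary phone numbers from service codes containing `*` or `#`. The function names and sample URIs are constructed for illustration; `*#06#` is the standard IMEI display code, and the sample phone numbers are made up.

```python
import re
from urllib.parse import unquote

# Visual separators allowed inside a tel: number; they carry no meaning.
_SEPARATORS = re.compile(r"[\s\-.()]")
# Ordinary subscriber number: optional leading '+', then digits only.
_PLAIN_NUMBER = re.compile(r"\+?\d+")


def classify_tel_uri(uri: str) -> str:
    """Return 'not-tel', 'plain-number' or 'suspicious' for a URI string."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "not-tel"
    # Drop tel: parameters such as ";ext=12" or ";phone-context=...".
    number = rest.split(";", 1)[0]
    # Decode percent-escapes before checking: '%23' is '#' and '%2A' is '*',
    # so a test on the raw string would miss an encoded service code.
    number = _SEPARATORS.sub("", unquote(number))
    if _PLAIN_NUMBER.fullmatch(number):
        return "plain-number"
    # Fail closed: '*', '#', leftover '%' from double encoding, letters or an
    # empty number are all treated as needing explicit user confirmation.
    return "suspicious"


def needs_confirmation(uri: str) -> bool:
    """True when the link must not be passed to the dialer without a prompt."""
    return classify_tel_uri(uri) == "suspicious"


# Constructed sample links, as they might appear in a page, SMS or QR code.
SAMPLES = [
    "tel:+1-555-0100",
    "tel:(555) 0100;ext=12",
    "tel:*%2306%23",
    "TEL:%2A%2306%23",
    "https://example.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link!r:28} -> {classify_tel_uri(link)}")
```
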
 

ruthlessrat

Senior Member
Sep 23, 2012
174
32
I just installed TelStop, better safe than sorry :)

But why would someone want to erase everything from my phone?

Weird. Besides, most info I can restore from Google, my laptop, etc.

Typed with my I9001
 

Noumen

Senior Member
Apr 15, 2012
52
13
Unofficial CM10 27-09-2012 (fishears) ROM tested, not vulnerable :D
It opens the dialer but no IMEI info is displayed; by the description of that website, this means that I'm not vulnerable.
 

Top Liked Posts

    1
    Confirmed (i.e. exploit in a web page works) with Samsung Galaxy S Plus (GT-I9001) stock 2.3.5 XXKPJ and stock browser.
    1
    Thanks to everyone who gave me a reply about their (vulnerable) phone! I've updated the list :)

    TelStop isn't working properly for a lot of people at the moment.

    For me, it works perfectly :rolleyes: