• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

WARNING!: Vulnerability found

DarkJedi

DarkJedi

Android Enthusiast
Original post here.

Long story short: Malicious website can have code that will activate hidden commands on your phone (dialer codes). This could include resetting your phone back to factory default, wiping your phone!

I've confirmed that our Samsung Galaxy Proclaim is vulnerable if the code sent from the website uses Verizon's dialer code. The linked post has a demo that uses a Sprint dialer code so it won't affect your phone.

So in short... careful as to what websites you view with your phone.

==UPDATE==
We might not be as bad off as others. I have been successful in getting some codes to automatically activate on my phone, but none that reset the phone back to factory defaults. Not saying it isn't possible though (I'm still new to the Proclaim).
 
Is there any (preferably foolproof, for newbies like me) way to safeguard against this malicious code? I'm pretty careful about browsing, but there's so much I don't know.
 
For now, you can only hope that none of the websites you visit have any of this malicious code on it. Thankfully, in my couple hours of testing, I've not hit any code that reset my phone. I've made it do other stuff (that aren't safe), but not wipe out my phone.
 
DarkJedi said:
For now, you can only hope that none of the websites you visit have any of this malicious code on it. Thankfully, in my couple hours of testing, I've not hit any code that reset my phone. I've made it do other stuff (that aren't safe), but not wipe out my phone.
Click to expand...


Does anyone know if this vulnerability has been fix I'm getting mine phone on friday?
:confused:
 
So i was tired of struggling with poor service from weak signal and finally got strong enough signal to open the Google app play store. Found a couple WiFi hotspot related ones with good reviews and downloaded them. Samsung Proclaim has not received or sent e-mail or had web access since--starts out with the saved address but then diverts to https://dunsp.VZW.com with a Verizon symbol icon.
Tried uninstalling, cleaning cookies, history, etc., restart, settings for WiFi, nothing doing. Found a hidden remnant in Folders & deleted that. Tried battery pull and set for minutes prior to reinstall. Latest attempt is dialing *22890, get message reprogramming unsuccessful.
I have AVG, doesn't find anything unnatural.

On a good note, still have pics, notes, phone book intact, and can use phone for calls and texts...

Any suggestions, experience with this?
Thank you
 
You must log in or register to reply here.
Back
Top Bottom