
Root Security Vulnerability for us, too?

Turns out it's not just the Samsung which has the remote wipe vulnerability; read this article, and try the link there to test. Mine (MTDEV CM9 9/15) came up with my MEID, which means it's vulnerable.

I'm a little surprised the dialer patch from June hasn't been folded into official CM upstream yet (if that's what this actually means). Can we do this here, somehow?
 
Just be aware that just because the MEID code works on that dialer, it doesn't mean that we have a factory reset code, via the dialer, on our device. Most of the Sprint dialer codes don't work on CM7/CM9 at all.

That Samsung reset code certainly does nothing on our device (other than trying to call an invalid number, of course).
 
Excellent points, thanks! Though it still seems like it leaves the door open for some possible future mischief. Plus, not sure I like someone being able to pull my MEID, since I have no idea what they might be able to do with it.
 
No, no, it's not like they can "pull" it.
The HTTP "tel" tag just sends to your dialer... like a phone number (or USSD code).

Go to your dialer and punch in:
*#06#

See what I mean?
 
I understand about the dialer code part, we just don't have that same factory reset code, so that particular exploit is not an issue for us. I get it.

Sorry to be thick, but what I'm not clear on is, if this guy sat down and whipped out a webpage that can display my MEID in a popup from my dialer (or make my phone do anything I didn't ask it to) just by visiting said page, who's to say a malicious website couldn't find a way to "read" that MEID when it pops up? Seems like an unnecessary invitation/challenge, especially when there's a patch already released.

And I'm genuinely just curious, wouldn't it theoretically be possible to feed some phone number into the dialer and have the phone automatically dial out to it? (Dunno why anyone would wanna do that, except for maybe 900 numbers or something....) Guess I need to read up on this USSD thing....
 
Yes, that is possible, and as a matter of fact that is exactly what the "tel" tag is for. Click on a link to automatically dial.

Think of traveling, then voice search for a restaurant or hotel, then dial by clicking a link.

It's all about convenience.

It's just that the dialer is used to input special codes to see, for example, service status, battery usage stats, internal menus, etc.
Apparently no one thought anyone would want to show you your service menu.

No big deal, really, until Samsung sticks a factory reset code in there that works with no confirmation input from the user.
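
A defensive check for the behaviour discussed above, as an added example that is not part of any post in this thread: it scans a page's HTML for tel: URIs and flags the ones that carry a dialer code (containing * or #) in a tag that loads without a click. The set of auto-loading tags, the function names and the sample page are assumptions made for the illustration; the only code used is the *#06# display code quoted earlier in the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: tags whose URL is fetched on page load, with no tap from the user.
AUTO_TAGS = {"iframe", "frame", "embed", "object", "img", "script", "meta"}
URL_ATTRS = {"href", "src", "data", "action", "content"}
TEL_RE = re.compile(r"(?<![A-Za-z])tel:([^\s\"'<>]+)", re.IGNORECASE)


class TelScanner(HTMLParser):
    """Collect every tel: URI found in URL-bearing attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            for match in TEL_RE.finditer(value):
                number = unquote(match.group(1))  # %23 decodes to '#'
                self.findings.append({
                    "tag": tag,
                    "number": number,
                    # '*' or '#' means a dialer/USSD code, not a phone number
                    "is_code": "*" in number or "#" in number,
                    "auto_load": tag in AUTO_TAGS,
                })


def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def risky(html):
    """tel: codes that reach the dialer without the user clicking anything."""
    return [f for f in scan(html) if f["is_code"] and f["auto_load"]]


# Constructed sample page: one ordinary click-to-call link, two automatic loads
SAMPLE = """<a href="tel:+15555550100">Call the hotel</a>
<iframe src="tel:*%2306%23"></iframe>
<meta http-equiv="refresh" content="0;url=tel:*%2306%23">"""

if __name__ == "__main__":
    for finding in risky(SAMPLE):
        print(finding)
```

The ordinary click-to-call link is reported by `scan` but not by `risky`, which is the distinction the thread draws between the convenience feature and a code that runs with no confirmation.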
 
The other thing I forgot is this exploit WILL NOT WORK on our phone AS LONG as you're rooted and have CWM installed. With CWM installed you cannot remote wipe. For example, in CM9 if you go to Settings > Backup Reset > Factory data reset and hit OK to everything, it just hangs. On CM7 when you do the same thing it will just boot you into CWM. So even if our phone had a special code to run the remote wipe, which it doesn't, and you have CWM installed, you're absolutely fine. I have also noticed that the CM Team has not only not talked about this, but also has not done anything about this, as this won't affect anyone running CM6,7,9,10, as you have to have CWM installed to use CM.

I am sure this is also the same case with MIUI or any other ROM; as long as CWM is installed you should be just fine.
 