Samsung mobile phones, could allow a malicious Web site, a
vulnerability on the user device wipe, but new details show that this
problem extends beyond the Samsung product line in some versions of
Android - and that dialers may cause. I copied the same code on a HTC moviles tactiles and Motorola phones run the same version of CyanogenMod, I found the same problem.
This problem seems to be Android Dialer itself. Website link a special prefix character through digital telephone(spain words:moviles libres baratos)
dialer - the same functionality, so that you can initiate a phone call
from a Web site, for example. However, the phone dialer also supports
special characters in the string, and can display the IMEI code of the
phone to do anything to wipe the device itself. These special code in
the the equipment vulnerable, dialer, like any other phone number,
allows a site user authorized it to do so in the case of start reset.
When I find relevant information on the Internet, I found that this is not a special case.
Reeve pointed out that the error is corrected in the Android earlier
this year, but not all cell phone may run the update code.
As for the Samsung Galaxy S III said the company has already patched,
to avoid the problem - although we still found a variant of the AT &
T are loopholes in our tests. To install third-party dialer, is not
vulnerable to attack, it seems that during this period, is the best
choice for most users. Equally important is to keep in mind that not all
phone reset factory default, the built-in code. However, this may come a
little comfort, is vulnerable users - to say nothing of the impact, it
will be for those who already think Android is a platform security
issues.
But, in fact, the the android system security mechanism still needs to be improved.
没有评论:
发表评论