London: A serious security flaw in some Samsung Android smartphones could allow hackers to access phone data just by sending an SMS or getting a user to visit a URL, it has emerged.
Ravi Borgaonkar, a researcher with the telecommunications department at the Technical University of Berlin, recently exposed the security flaw at the Ekoparty security conference in Argentina.
Australian security experts say that the flaw is a ‘wake up call’ for mobile users who didn't back up their smartphones, the Sydney Morning Herald reports.
According to the report, manufacturers like Samsung use special USSD codes, which end users can type into the dial pad, to make it easier for handset makers and telcos to support their customers over the phone.
One such code - *#06# - is used to display a phone's IMEI number on the screen. Another code resets the phone.
According to the paper, Borgaonkar discovered that a person could craft a website with the reset code embedded, in Samsung's case *2767*3855# (do not type this into your phone!), and get the code to run automatically when a user visited it.
A hacker could also exploit an affected phone by getting a user to scan a malicious QR code or by sending them a malicious SMS or NFC transmission, the report said.
Dylan Reeve, who works as a TV editor in New Zealand and has worked in IT in the past, said millions of Samsung devices would be affected by the flaw.
He recommended that users running Android on Samsung devices check whether they were affected by using a test website he has developed.
First Published: Tuesday, October 02, 2012, 13:34