‘Dirty USSD’ hack thought to target Samsung Galaxy smartphones spreads to all Android devices
Earlier this week a security researcher from Technical University, Berlin discovered a serious flaw in the Samsung Galaxy SII and SIII. Since the flaw could potentially trigger a factory reset on a device without the user’s knowledge it received a lot of coverage. The flaw was triggered by the manner in which the TouchWiz UI interacted with the USSD codes of vulnerable devices.
Samsung then released a security patch for this vulnerability. Unfortunately, this over-the-air patch can only be passed on to users through their carriers in Western regions. Other regions of the world may have to wait longer to receive this patch as well. While the timely intervention is appreciated, its distribution and reach is poor.
The next day it became clear that this flaw targets ALL Android devices that run a version below 4.1 (Jelly Bean). Moreover, the flaw is not restricted only to Samsung devices. The malicious code spreads through a URL, NFC or QR codes. The complex nature of the malicious USSD codes has made this flaw a highly potent one.
Iran starts Internet censorship process
In a move that heralds the censorship of the Internet, Iran has started building up a domestic Internet network for its citizens. According to Reuters, they might block Google on this network. This includes access to Gmail as well, and how Iranian citizens respond to this is yet to be seen.