How to Hack Samsung Phone with a Charger

 

“Mobile tracker” is a default service on Samsung phones. Most Samsung users don’t know it exists. However, it is enabled on most Samsung products; we have already confirmed the following:

  • Samsung Galaxy S
  • Samsung Galaxy S2
  • Samsung Galaxy S3
  • Samsung Galaxy S4
  • Samsung Galaxy S5
  • Samsung Note I
  • Samsung Note II
  • Samsung Note III
  • Samsung Galaxy Note 8
  • Samsung Galaxy Note 10

Because there is no proper identity check when binding the phone owner’s Samsung account, this feature can easily be abused by an attacker and turned into a high-privilege backdoor. All the attacker needs is one minute of physical contact with your phone, for example through a fake charger.

Here is the Proof-of-Concept video:

An attacker could do the following using Samsung’s find my phone web portal (http://findmymobile.samsung.com/):

  • Ring the device
  • Retrieve the device location
  • Retrieve the call logs
  • Wipe out all the data
  • Lock the device
  • Unlock the device (even with the passcode enabled)

Because the mobile tracker service is enabled by default as a system service, we suggest that all Samsung users bind their own Samsung account before an attacker does.

Simple Malware Made by Freshman, Big Problem for Mobile Security

Last weekend, Chinese media were filled with news of a “Super Android Virus In-the-Wild”. The impact of this worm looks remarkable in the history of mobile viruses: from Jul 28 to Aug 2, it infected millions. The writer of this malware, a talented 19-year-old freshman, was arrested within 9 hours (because he hardcoded an email account inside the app). The intent behind the malware was “showing off” and “spy on girlfriend”.

After taking a close look at this virus, we were surprised to find it a “Hello World” style malware: it contains basic control functionality such as reading the SMS list (focused on e-shopping notifications). It has a simple but efficient way of spreading: it reads the contact list and sends a phishing SMS containing the APK download link to all of the victim’s contacts, which caused the number of infections to explode.

There is no destructive functionality in this malware, nor does it generate profit for the writer. The only consequences are bugging your friends and wasting some money and data on sending messages. The phishing messages were soon blocked by the Chinese service providers, which cut off its major spreading channel. Chinese AV vendors all claimed they “first detected the super Android virus”. And the story came to an end.

Here are some analysis results:

The main APK releases a second APK that supports all of the monitoring functionality; the main APK itself only serves infection and spreading.

The original post illustrated the following with screenshots, which are not preserved here:

  • Reading SMS
  • Reading contacts
  • Sending scam SMS to all contacts
  • The critical evidence that led to the writer’s arrest

Beyond the malware itself, two problems were exposed:

1. Many users are surprisingly lacking in security knowledge: SMS phishing is definitely not a new kind of attack, and Android pops up a warning when installing an APK from the Internet. Yet so many users still gave it the green light all the way. If this incident had happened in the US, would the outcome have been any better?

2. The reaction of AV vendors was no better than in the PC era. The malware was created, spread, and was only noticed after the number of victims had already exploded. Afterwards the AVs made their “detection tool”, which is still based on signatures.
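As a contrast to signature matching, the behaviours listed in the analysis above (reading SMS, reading contacts, sending SMS, and an APK carried inside the APK) can be checked statically before any signature exists. The sketch below is an added example, not code from the malware or from any AV product; it assumes the manifest has already been decoded to text XML, and the sample manifests, package name and file names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviours reported in the analysis, mapped to the permissions each one needs.
BEHAVIOURS = {
    "reads SMS": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "reads contacts": {P + "READ_CONTACTS"},
    "sends SMS": {P + "SEND_SMS"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names in a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def triage(manifest_xml, archive_names):
    """Flag the contact-harvesting SMS worm pattern and an APK nested in the APK.

    archive_names is the file list of the APK, e.g. zipfile.ZipFile(path).namelist().
    A hit is a reason to look closer, not a verdict: messaging apps need the same
    permissions for legitimate purposes.
    """
    perms = requested_permissions(manifest_xml)
    findings = [name for name, needed in BEHAVIOURS.items() if perms & needed]
    embedded = sorted(n for n in archive_names if n.lower().endswith(".apk"))
    return {
        "findings": findings,
        "sms_worm_pattern": {"reads contacts", "sends SMS"} <= set(findings),
        "embedded_apks": embedded,
    }

def _manifest(*perms):
    # Build a constructed manifest for the demonstration below.
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}<application/></manifest>')

# Constructed samples, not taken from the real malware.
SAMPLE_WORM = (_manifest("READ_SMS", "READ_CONTACTS", "SEND_SMS", "INTERNET"),
               ["AndroidManifest.xml", "classes.dex", "assets/embedded.apk"])
SAMPLE_BENIGN = (_manifest("INTERNET", "READ_CONTACTS"),
                 ["AndroidManifest.xml", "classes.dex"])

if __name__ == "__main__":
    for label, (xml, names) in (("worm-like", SAMPLE_WORM), ("benign", SAMPLE_BENIGN)):
        print(label, triage(xml, names))
```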

Six month old Trustlook Ranked the Top Mobile Security Application By AVTest

This morning AVTest published its August benchmark test results and ranked Trustlook Antivirus one of the top mobile security products (5.5 for protection and 6 for usability). In its security protection testing, Trustlook AV successfully detected 99.24% of malware/viruses. For a six-month-old mobile security product this is pretty impressive, but we think we can do better in the future.

[Screenshot: AVTest result]