Samsung Galaxy

Samsung has patched four security flaws affecting Galaxy handsets that an attacker could have combined to put devices in endless reboot loops or hijack handsets for ransomware.

Discovered by mobile security researchers from Context Information Security, these four bugs are exploitable via the 17-year-old WAP protocol, which is still supported in modern-day smartphones.

Developed in 1999 and used to grant customers access to the Internet in the early days of mobile networks, the protocol also includes various other functions, such as the ability to send configuration files to the user's phone, in the form of SMS text messages.

Researchers put phones in endless reboot loop

Context IS researchers discovered that some Samsung Galaxy smartphones accepted these configuration messages, ignored authentication, and blindly applied the instructions they received.

In lab tests, researchers used the various bugs they discovered (CVE-2016-7988, CVE-2016-7989, CVE-2016-7990, and CVE-2016-7991) to ruin a phone's WiFi settings, eventually leading to a Denial-of-Service (DoS) state, where the device crashed and rebooted in an endless loop unless a specific configuration file was removed from the phone.

All of this was possible just by sending a WAP configuration message via SMS, which the phone read and executed with no user interaction.

Researchers said they successfully reproduced the attack on Samsung Galaxy S4, S4 Mini, S5 and Note 4 devices.

S6 and S7 devices were vulnerable to these bugs only if the user had installed a malicious app on their devices before the attack.

Context IS also points out that despite the age of some of these Galaxy handsets, many are still in use today and are even extremely popular across the globe.

Samsung Galaxy devices still very popular

Bugs could be used for ransomware and other attacks

According to the research team, this was only one of the attack scenarios they explored, as the WAP bugs could be exploited for more destructive and nefarious attacks.

"Given the reversible nature of this attack (a second SMS could be sent that restored the device to its unbroken state) it does not require much imagination to construct a potential ransomware scenario for these bugs," said Tom Court and Neil Biggs, the two Context IS security researchers behind this discovery.

Furthermore, this WAP attack scenario could be easily ported to target other device models from different smartphone vendors, not just Samsung's Galaxy line.

The South Korean phone manufacturer patched these bugs via a security update released in November 2016.
