Mediatek-based phones facing a potential security hole

 

French blogger Korben has discovered that certain smartphones with Mediatek chipsets seem to shut down and reset themselves upon receiving an equals symbol “=” (without the quotation marks) via text message.

This is not so much a security hole in that there is a risk of data being compromised, but it makes phones vulnerable to remote attacks because being repeatedly spammed with the equals symbol could render a user’s phone unusable, or receiving such a text message during a phone call could terminate the call.

An incomplete list of smartphones affected by the flaw is available below:

  • Wiko Stairway
  • Wiko Darkmoon
  • Wiko Dark Side
  • Wiko Darknight
  • Wiko Iggy
  • Wiko Ozzy
  • Wiko Darfull
  • Wiko Cink King
  • Wiko Cink Five
  • Wiko Cink Peax
  • Wiko Cink Peax 2
  • Wiko Cink Slim
  • Alcatel One Touch Idol X
  • Alcatel One Touch Idol Ultra
  • Alcatel One Touch 997D
  • Alcatel One Touch Pop C3 (4033D)
  • Alcatel One Touch S-Pop (4030D)
  • Alcaltel One Touch Star (6010D)
  • Zopo ZP950
  • Acer Liquid E 2 DUO
  • Fairphone
  • Archos 40 Titanium

You can test if your own Mediatek-based smartphone is susceptible by messaging an equals symbol to yourself.

According to the blog wiity, the solution to this is fairly simple, in that all the user has to do is download an alternative messaging app to handle SMS messages rather than use the standard one that comes with the phones. Still, this is an extremely strange flaw that could prove to be a major hassle if an attacker attempts to exploit it.

Korben discusses and demonstrates the flaw in the video below:

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s