Special text message makes Samsung phones restart over and over

Security experts from the British IT security company Context Information Security have shown that Samsung phones can be made to restart over and over if a special text message is sent to them via a mobile phone linked to a computer.

Samsung was informed of this in June of last year and issued updates to the Galaxy phones affected in November.

But the security experts were surprised to find the vulnerabilities to begin with.

»It was to be expected that there are bugs in software and that these bugs are found and fixed. But some of the bugs we mention in the blog post were due to security elements in the specifications that were just not implemented. And that was a surprise to us,« says Tom Court from the team of experts.

Related to Wireless Data Protocol (WDP)

The vulnerabilities in the Samsung phones are related to the way that the Wireless Data Protocol (WDP), part of the Wireless Application Protocol (WAP), established in 1999, is handled.

The security bug hunters from Context Information Security have looked into WAP Push messages. They are transported via WDP and make it possible to push content to units that only require a minimum of or no user interaction at all.

The bug hunters note in a blog post about the vulnerability that WAP is a 17 year old technology whose code needs 30 pages to be specified, and using that to send data to a phone with no user interaction is a situation that is begging to be looked into.

The bug hunters initially tested if they could make a phone automatically connect to a WIFI hotspot defined by an attacker by sending a bug via the WAP Push messages but during their research the Samsung phone began restarting over and over.

The bug could only be made to work on relatively old Samsung phones - S4, S4 Mini, S5 and Note 4 - and not the new S6 and S7 models. But that does not mean the vulnerability does not exist in other phones that were not tested.