You can install ransomware on a Samsung Galaxy by sending it an SMS


Originally published at:


I guess this is why Trump is still using a Galaxy S3.


“Oh, Samsung, will you never win?”

       لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ

(Nothing excuses Samsung’s adventures in software; but it turns out that running a general purpose computer that accepts strings from just anybody is a pretty tricky problem.)


:laughing: Let’s be careful not to overuse this one.


Let’s hope nobody sends one of those SMS messages to trump and turn his phone into a bug.

Can you imagine the fallout from that?


So how do we tell if the fix has been installed (other than getting somebody to send us an evil SMS)?
Samsung abandoned Galaxy 4 and 4mini owners at 4.4.2, not giving us 5.x Android updates.
Is that what the recent partial upgrade AT&T pushed to my phone is about, or was that newer bugs?


Not at all certain that this is restricted to Samsung phones. The ‘Bugs’ section of the original disclosure says:

The devices we had to hand for our research were a series of Samsung Galaxy devices and so the remainder of this blog will be Samsung-centric. It is left as an exercise for the reader to investigate how this technology is handled by other vendors! (emphasis mine)


“Samsung have now released a security update that addresses these amongst other vulnerabilities and as is our usual advice, it is recommended that users prioritise the installation of these updates.

And there’s the root of the problem


I’ll imagine it from my bunker…

closed #11

This topic was automatically closed after 5 days. New replies are no longer allowed.