2015 Ohio Information security Forum; Happy Anniversary!!!

Today, July 11th 2015 we are celebrating the 8th year of the forum and all the presenters that have come to our little forum.

Thank you to the speakers for making the journey to our town and sharing their knowledge with us. As a member of the Board for the group, I know I speak for everyone when I say ‘Thank you!’.

Now, hopefully you were directed to this post by following the QR code on the Anniversary cake!

I promise, the cake was definitely not a lie.

The point of this post, along with the other QR codes on the cake is to point out again that these codes, while handy can also be used in malicious ways.

If you are running a Samsung S5, S4, Note3, and possibly other Samsung device. You are vulnerable to an exploit in the way that the KNOX security component of the Samsung Galaxy firmware. It is possible to install an APK by abusing the ‘smdm://’ protocol handler.

This means that an attacker could install any APP on your phone remotely.

(http://www.rapid7.com/db/modules/exploit/android/browser/samsung_knox_smdm_url)

Be happy that I had little time to mess you all! 😉

Here is a video of the exploit in action.

(https://www.youtube.com/watch?v=VKwZflSMxVI)

Happy anniversary OISF!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s