Potential security hole found in some SMS applications on Chinese phones


android trojan

A french blogger has discovered a new bug that is affecting quite some Mediatek based phones and could be a potential security hole. If affected phones receive a SMS containing a “=”, they will shut down and reboot immediately.

French tech blog wiity.net has already begun creating a list of affected devices. So far it appears that quite some Wiko phones are affected by the problem, as well as the Fairphone and some phones from Acer and Alcatel’s OneTouch series. As Alcatel phones are made by Chinese phone maker TCL, it is likely that some TCL phones are affected as well.

Gizchina News of the week


This rather annoying issue doesn’t seem to be a threat by itself but could be used as a potential security hole if not patched correclty with firmware updates. Apparently using a third part SMS application fixes the issue. See the issue in action in the video below.

This is the second potential security issue to arise in the past week to do with Chinese made phones, however it doesn’t appear that anyone with either issue has been but at risk yet.

[SOURCE]

Disclaimer: We may be compensated by some of the companies whose products we talk about, but our articles and reviews are always our honest opinions. For more details, you can check out our editorial guidelines and learn about how we use affiliate links.

Previous OnePlus on 'yellowish screens' and production plans for the One
Next Huawei hits 1million target in a month with the Ascend P7

46 Comments

  1. utente998
    June 23, 2014

    thl phones vulnerable too…just tried and had a reboot

  2. Adam Irvine
    June 23, 2014

    THL Seem to be affected also, my Girlfriends THL W100 just rebooted from a ‘=’ text message from my phone…

    I hope some sort of fix comes out for this pretty quick… It’s a bit of a worry really… What else can be done via this sort of exploit..? :S

    — Note – On the THL W100 and a THL W8s (both of which are affected) The data connection is turned off and the screen timeout gets reset to default when they boot back up…

    • simon
      June 25, 2014

      Thl w8s sms= = reboot as well. My data connection is only on for my secondary sim and that stayed on after reboot. Didn’t notice any screen timeout change, mine is set to 1 minute not sure if that is default.

      Obviously a bug in the twin sim aware SMS app common on these mtk based ROMs.

      Any suggestions on best twin sim aware alternative sms app?

      Cheers

  3. Jerry
    June 23, 2014

    Cubot too

  4. Adam Irvine
    June 23, 2014

    Switching to Hangouts sorts it 🙂

    Just rang around 5 people and told them all to change, everybody happy now 🙂

    Thanks for exposing this!!!!

    • mfmx
      June 24, 2014

      Except Hangouts doesn’t handle two SIM-cards.

    • oc
      June 25, 2014

      Sorts this vulnerability…

      But guess where it lies it, and the tons of other vulnerabilities that might be hidden inside the kernel of this MEDIATEK crappy chipsets…

      Remember why they refuse to embrace Open Source whentalking about kernel sourcing…

      MEDIATEK, is the spying hardware dream come true.

  5. Aleksandar Opačić
    June 23, 2014

    Jiayu G3n also affected. I have this phone for over a year and haven’t yet received a SMS with = . Funny 🙂

  6. junior_poa
    June 23, 2014

    Kkkkkkkkkk reboot here..
    XiaoCai X9

  7. POY
    June 23, 2014

    Damn, my w8s has this happen to it.

    My coworker just sent 400 texts with it to me, why did I tell him

    • Brooklyn701
      June 24, 2014

      LOL … epic co-worker… 🙂

    • June 24, 2014

      haha 😀

      • OC
        June 25, 2014

        Apparently just the MT6589 and T chipsets…

        This is something big, millions of people data might be unsafe because of these vulnerabilities, it´s not coincidence the factory malware that appeared on many Mediatek devices recently like the Star smartphones, etc…

        This is big stuff andi…

  8. utente998
    June 23, 2014

    thl phones vulnerable too…just tried and had a reboot

  9. Adam Irvine
    June 23, 2014

    THL Seem to be affected also, my Girlfriends THL W100 just rebooted from a ‘=’ text message from my phone…

    I hope some sort of fix comes out for this pretty quick… It’s a bit of a worry really… What else can be done via this sort of exploit..? :S

    — Note – On the THL W100 and a THL W8s (both of which are affected) The data connection is turned off and the screen timeout gets reset to default when they boot back up…

    • simon
      June 25, 2014

      Thl w8s sms= = reboot as well. My data connection is only on for my secondary sim and that stayed on after reboot. Didn’t notice any screen timeout change, mine is set to 1 minute not sure if that is default.

      Obviously a bug in the twin sim aware SMS app common on these mtk based ROMs.

      Any suggestions on best twin sim aware alternative sms app?

      Cheers

  10. Guest
    June 23, 2014

    Cubot too

  11. Adam Irvine
    June 23, 2014

    Switching to Hangouts sorts it 🙂

    Just rang around 5 people and told them all to change, everybody happy now 🙂

    Thanks for exposing this!!!!

    • mfmx
      June 24, 2014

      Except Hangouts doesn’t handle two SIM-cards.

    • Guest
      June 25, 2014

      Sorts this vulnerability…

      But guess where it lies it, and the tons of other vulnerabilities that might be hidden inside the kernel of this MEDIATEK crappy chipsets…

      Remember why they refuse to embrace Open Source whentalking about kernel sourcing…

      MEDIATEK, is the spying hardware dream come true.

  12. Aleksandar Opačić
    June 23, 2014

    Jiayu G3n also affected. I have this phone for over a year and haven’t yet received a SMS with = . Funny 🙂

  13. Guest
    June 23, 2014

    Kkkkkkkkkk reboot here..
    XiaoCai X9

  14. POY
    June 23, 2014

    Damn, my w8s has this happen to it.

    My coworker just sent 400 texts with it to me, why did I tell him

    • Guest
      June 24, 2014

      LOL … epic co-worker… 🙂

    • Andi Sykes
      June 24, 2014

      haha 😀

    • Guest
      June 25, 2014

      Apparently just the MT6589 and T chipsets…

      This is something big, millions of people data might be unsafe because of these vulnerabilities, it´s not coincidence the factory malware that appeared on many Mediatek devices recently like the Star smartphones, etc…

      This is big stuff andi…

  15. Paul
    June 24, 2014

    Vivo xplay 3s is safe

    • June 24, 2014

      Yep, I think it is only a problem with Mediatek devices.

      • OC
        June 25, 2014

        Andi, it realates to the spykernel of the Mediatek chipsets.

        You can start the news, I connected the dots, refusing to share the kernel sources is the big question.

        There they must lie this and many other vulnerabilities hidden to the public eye.

  16. June 24, 2014

    Tried it with my ZTE Blade. Didn’t reboot.

  17. Fernando
    June 24, 2014

    Hello,

    Tried with my Zopo 990 (old quad core), also affected 🙁
    Using SIM1 to sent the SMS “=” to SIM2, and it did reboot…
    Like someone said before (I never received an SMS with “=” lol)

    Regards.

    Fernando.

  18. Guest
    June 24, 2014

    Vivo xplay 3s is safe

    • Andi Sykes
      June 24, 2014

      Yep, I think it is only a problem with Mediatek devices.

    • Guest
      June 25, 2014

      Andi, it realates to the spykernel of the Mediatek chipsets.

      You can start the news, I connected the dots, refusing to share the kernel sources is the big question.

      There they must lie this and many other vulnerabilities hidden to the public eye.

  19. maxcady360
    June 24, 2014

    Tried it with my ZTE Blade. Didn’t reboot.

  20. Guest
    June 24, 2014

    Hello,

    Tried with my Zopo 990 (old quad core), also affected 🙁
    Using SIM1 to sent the SMS “=” to SIM2, and it did reboot…
    Like someone said before (I never received an SMS with “=” lol)

    Regards.

    Fernando.

  21. Jeep
    June 24, 2014

    iOcean X7 Youth also reboot. Sent = to myself: complete reboot.

  22. Guest
    June 24, 2014

    iOcean X7 Youth also reboot. Sent = to myself: complete reboot.

  23. billybloggs
    June 25, 2014

    Jiayu G4S Octacore unaffected sent the text from another mobile, no problem

  24. 3_nity
    June 25, 2014

    My JIAYU G5 also affected. 🙁

  25. billybloggs
    June 25, 2014

    Jiayu G4S Octacore unaffected sent the text from another mobile, no problem

  26. 3_nity
    June 25, 2014

    My JIAYU G5 also affected. 🙁

  27. June 25, 2014

    Jiake P6: vulnerable

  28. Yash Garg
    June 25, 2014

    Jiake P6: vulnerable

  29. kzm
    June 26, 2014

    my thl w8 does not reboot

  30. kzm
    June 27, 2014

    my thl w8 does not reboot