14 DAY TRIAL // It appears that some smartphones are vulnerable to being rebooted remotely by sending a simple command via a short text message.
The security risk involved is present after the reboot, when the devices seems to no longer ask for the PIN code, which allows a thief to gain access to stored data unhindered.
The flaw has been made public (French) by Manuel Dorne, a French blogger who uses the online handle Korben, in a post on his website.
The trick consists in simply sending an SMS to a Wiko phone containing only the “=” character (without the quotes). According to the demonstration of the blogger, this is sufficient for the targeted terminal to trigger the reboot routine as soon as the message is received.
Wiko phones are built by Chinese maker Tinno, that makes the devices according to the specifications received from the French retailer. They are low-cost products that run on the Android platform.
The bug does not seem to be affecting other brands, and it performs a soft reset of the device.
According to the blogger and various responses from users, the trick is valid at least for Darkside and Cink models of Wink phones, even if they have a custom ROM, such as the one provided by CyanogenMod.
This leads to the conclusion that the problem is hardware-related and, as such, other Tinno-made devices could be vulnerable to the bug.
Check out Korben's demo (French):