Older Samsung devices are vulnerable to a remote attack that makes the devices reboot over and over, according to security researchers.
Context Information Security researchers identified a bug in Samsung Galaxy S4, S4 Mini, S5 and Note 4 models that allows malicious code to be sent in an SMS and execute without a user action, Help Net Security reports.
“Given the reversible nature of this attack (a second SMS could be sent that restored the device to its unbroken state) it does not require much imagination to construct a potential ransomware scenario for these bugs,” the researchers wrote.
A user could stop an infected device from rebooting, but it requires a factory reset that would erase all the device’s data.
Researchers notified the Samsung security teams, which released patches in November.