Well this is quite the troubling development. It appears the security of some of Samsung’s Galaxy/Galaxy S phones have been brought into question as a recently-discovered hack could have users frantic. The exploit allows a website to run a USSD code via the browser that will send instructions to the phone to wipe it completely clean.
According to researchers, even the SIM card could be destroyed by using this method. The factory reset process is irreversible, so should a user find themselves in this unfortunate situation they’d have no choice but to let it commence.
The vulnerability is said to only work on certain Samsung TouchWiz devices, with the Samsung Galaxy S3, Galaxy S2, Galaxy Beam, Galaxy Ace, and Galaxy S Advance confirmed to have the exploit.
Furthermore, the exploit can be triggered by NFC or via the scanning of a QR code — this means an unsuspecting soul could be led to believe they’ll be taken to one site, and before you know it their phone’s data is being flushed down the toilet.
Thankfully the exploit is being showcased at the Ekoparty security conference. This is a favorable development because it likely means Samsung was warned ahead of time, and that they could possibly already be working on a fix. And even if they haven’t been notified by the researchers who have discovered the exploit we’re sure they’re about to be a lot more aware.
Imagine the disastrous impact this would have on a business user on the go, or just anyone who hasn’t backed their data up because they never thought their phone’s data would be wiped out by nonsense.
It’s a scary situation to think of and we’re certain Samsung would agree. Note that only Samsung handsets with TouchWiz are said to be affected — this does not appear to be an exploit found at the root of Android. Watch a quick video demo of the exploit being performed above. [via SmartDroid]
- Samsung Galaxy S III deal
- Samsung Galaxy S line evolution in GIF form
- Cryptophone detects fake cell towers
- LG G3 prevents unauthorized wipes
TAGS: hacks , Samsung Galaxy S3 , security