
New malicious hack would allow a website to wipe certain Galaxy S devices clean with irreversible effects [VIDEO]

Well, this is quite the troubling development. It appears the security of some of Samsung’s Galaxy/Galaxy S phones has been brought into question, as a recently discovered hack could have users frantic. The exploit allows a website to run a USSD code via the browser that will send instructions to the phone to wipe it completely clean.

According to researchers, even the SIM card could be destroyed by using this method. The factory reset process is irreversible, so should a user find themselves in this unfortunate situation they’d have no choice but to let it commence.

The vulnerability is said to only work on certain Samsung TouchWiz devices, with the Samsung Galaxy S3, Galaxy S2, Galaxy Beam, Galaxy Ace, and Galaxy S Advance confirmed to be affected.

Furthermore, the exploit can be triggered by NFC or via the scanning of a QR code — this means an unsuspecting soul could be led to believe they’ll be taken to one site, and before you know it their phone’s data is being flushed down the toilet.

Thankfully, the exploit is being showcased at the Ekoparty security conference. This is a favorable development because it likely means Samsung was warned ahead of time, and that they could possibly already be working on a fix. And even if they haven’t been notified by the researchers who discovered the exploit, we’re sure they’re about to be a lot more aware.

Imagine the disastrous impact this would have on a business user on the go, or just anyone who hasn’t backed their data up because they never thought their phone’s data would be wiped out by nonsense.

It’s a scary situation to think of and we’re certain Samsung would agree. Note that only Samsung handsets with TouchWiz are said to be affected — this does not appear to be an exploit found at the root of Android. Watch a quick video demo of the exploit being performed above. [via SmartDroid]





  • Rad Stevens

    I blame this on the replacement refs. Jerks.

    • johnny989

      If this wipes one of the replacement refs’ phones, they’ll probably signal a touchdown.

      • Crimsonshadow774

        Lol we might as well throw this season out. Not like many accurate calls have been made anyway.

    • Go Hawkeyes

      The replacement refs are responsible for all of the wrongs in the world.

    • PC_Tool

      +1000! It was *obviously* a home-run.

      Wait…what?

  • Rdfry

    This is Apple’s new method of attack.

    • Bennett Kanuka

      I wish that were true. Finding actual dangerous exploits on a competitor’s phone and disclosing them is a far more honorable attack than their current plan. This helps consumers and ultimately creates a safer mobile environment.

    • Gus

      I would like to agree with you; however, craple don’t have the technology. They are way behind. It’s ridiculous how it took them “two years” to design the fricking headsets. That designer would have been fired working for Samsung. Seriously, two years?

  • CiDhed

    More of a reason to stop putting touchwiz on phones.

    • Bennett Kanuka

      Correction: more of a reason to stop putting ANY “skin” on Android

      • CiDhed

        Oh, I completely agree, just was trying to stay on topic.

        • William Young

          I do believe the topic was, or at least became, the replacement refs. lmao

  • PC_Tool

    Heh…

    Looks like I may get to Root and put AOKP_JB on my wife’s SIII after all…

    *grin*

    Thanks, hackers!

  • Juan Carlos Contreras

    I think I would know if some fool were following me around holding his phone within a foot of my front pocket trying to activate my phone! Besides, I don’t have my NFC running all day, only when I need to use it. As for the QR, make sure nobody has stuck a new QR sticker over the printed code on the advertisement you’re trying to scan, or simply don’t go around scanning QR codes for no reason.

  • http://twitter.com/kaulvimal Vimal Kaul

    Does not work on Galaxy S3 with Jelly Bean. But works on S2 with ICS and also on HTC One X.

  • http://www.facebook.com/archercc Ryan Stewart

    Even more glad now that I stuck with un-skinned phones.

  • samagon

    Website is registered to Apple no doubt ;-)

  • disqus_GimvyCZ7No

    Apple probably paid for someone to make it.

  • Nick_Lopez_Loya

    Never heard of it. Probably never happens in the real world.

  • timothy

    This code was written by an Apple employee. Damned if I could find it now, but I read something along these lines from an Apple security team member about a month ago.

  • Brian Johnston

    Just confirmed it for kicks on Samsung Galaxy S Vibrant.

  • jerdog76

    This is all Android from manufacturers which utilize USSD codes for factory wipe – it has been verified on HTC and Samsung phones. It’s not just a Samsung thing, in fact Samsung knew about this over a month ago and fixed it already before it was announced for the S3. Just update to the latest stock ROM for the S3 and you’re fine. HTC on the other hand…..