Well, this is quite the troubling development. The security of some of Samsung’s Galaxy/Galaxy S phones has been brought into question by a recently discovered hack that could have users frantic. The exploit allows a website to run a USSD code via the browser that instructs the phone to wipe itself completely clean.
According to researchers, even the SIM card could be destroyed by using this method. The factory reset process is irreversible, so should a user find themselves in this unfortunate situation they’d have no choice but to let it run its course.
The vulnerability is said to only work on certain Samsung TouchWiz devices, with the Samsung Galaxy S3, Galaxy S2, Galaxy Beam, Galaxy Ace, and Galaxy S Advance confirmed to be affected.
Furthermore, the exploit can be triggered by NFC or via the scanning of a QR code — this means an unsuspecting soul could be led to believe they’ll be taken to one site, and before you know it their phone’s data is being flushed down the toilet.
Thankfully, the exploit is being showcased at the Ekoparty security conference. This is a favorable development because it likely means Samsung was warned ahead of time and could already be working on a fix. And even if they haven’t been notified by the researchers who discovered the exploit, we’re sure they’re about to be a lot more aware.
Imagine the disastrous impact this would have on a business user on the go, or just anyone who hasn’t backed their data up because they never thought their phone’s data would be wiped out by nonsense.
It’s a scary situation to think of and we’re certain Samsung would agree. Note that only Samsung handsets with TouchWiz are said to be affected — this does not appear to be an exploit found at the root of Android. Watch a quick video demo of the exploit being performed above. [via SmartDroid]
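A defensive check for the behaviour described above, added here as an example and not code from the article or the researchers: before a QR scanner, NFC handler or link filter hands a payload to the dialer, it flags anything that would dial a USSD/MMI service code rather than an ordinary number. It assumes the code reaches the dialer through a `tel:` URI, which the article does not state; the function names and sample payloads are constructed, and `*#06#` (display IMEI) stands in as a harmless service code.

```python
import re
from urllib.parse import unquote

# '*' and '#' only appear in USSD/MMI service codes, never in a plain number.
SERVICE_CHARS = set("*#")
TEL_RE = re.compile(r"^\s*tel:(.*)$", re.IGNORECASE | re.DOTALL)


def classify_payload(payload: str) -> str:
    """Return 'not-tel', 'phone-number' or 'service-code' for a scanned payload."""
    match = TEL_RE.match(payload)
    if not match:
        return "not-tel"
    number = match.group(1)
    # '#' must be percent-encoded inside a URI, so decode before inspecting.
    # Decode repeatedly so a double-encoded value such as %2523 is caught too.
    for _ in range(3):
        decoded = unquote(number)
        if decoded == number:
            break
        number = decoded
    if SERVICE_CHARS & set(number):
        return "service-code"
    return "phone-number"


def needs_confirmation(payloads):
    """Payloads that should never be dialed without an explicit user prompt."""
    return [p for p in payloads if classify_payload(p) == "service-code"]


# Constructed sample payloads, as a QR or NFC reader might decode them.
SAMPLES = [
    "https://example.com/menu",   # ordinary web link
    "tel:+1-555-555-0100",        # ordinary phone number
    "tel:*%2306%23",              # percent-encoded service code
    "TEL:%2a%2306%23",            # upper-case scheme, lower-case hex
    "tel:%252A%252306%2523",      # double-encoded service code
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_payload(sample):13} {sample}")
```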
I blame this on the replacement refs. Jerks.
If this wipes one of the replacement refs’ phones, they’ll probably signal a touchdown.
Lol we might as well throw this season out. Not like many accurate calls have been made anyway.
The replacement refs are responsible for all of the wrongs in the world.
+1000! It was *obviously* a home-run.
Wait…what?
This is Apple’s new method of attack.
I wish that were true. Finding actual dangerous exploits on a competitor’s phone and disclosing them is a far more honorable attack than their current plan. This helps consumers and ultimately creates a safer mobile environment.
I would like to agree with you; however, craple don’t have the technology. They are way behind. It’s ridiculous how it took them “two years” to design the fricking headsets. That designer would have been fired working for Samsung. Seriously, two years?
More of a reason to stop putting TouchWiz on phones.
Correction: more of a reason to stop putting ANY “skin” on Android
Oh, I completely agree, just was trying to stay on topic.
I do believe the topic was, or at least became, the replacement refs. lmao
Heh…
Looks like I may get to root and put AOKP_JB on my wife’s SIII after all…
*grin*
Thanks, hackers!
I think I would know if some fool was following me around holding his phone within a foot of my front pocket trying to activate my phone! Besides, I don’t have my NFC running all day, only when I need to use it. For the QR, make sure nobody has stuck a new QR sticker over the printed code on the advertisement you’re trying to scan, or simply don’t go around scanning QR codes for no reason.
Does not work on Galaxy S3 with Jelly Bean. But works with S2 with ICS and also on HTC One X
Even more glad now that I stuck with un-skinned phones.
Website is registered to Apple no doubt ;-)
Apple probably paid for someone to make it.
Never heard of it. Probably never happens in the real world.
This code was written by an Apple employee. Damned if I could find it now, but I read something along these lines from an Apple security team member about a month ago.
Just confirmed it for kicks on Samsung Galaxy S vibrant.
This is all Android from manufacturers which utilize USSD codes for factory wipe – it has been verified on HTC and Samsung phones. It’s not just a Samsung thing, in fact Samsung knew about this over a month ago and fixed it already before it was announced for the S3. Just update to the latest stock ROM for the S3 and you’re fine. HTC on the other hand…..