Samsung Galaxy S III, Galaxy S II remote-wipe hack discovered


Yet another reason to curse Samsung for TouchWiz! Security researcher Ravi Borgaonkar recently discovered that a single line of code can send your Galaxy S III into an unstoppable data wipe.

The hack works on devices running TouchWiz because TouchWiz allows a factory reset to be triggered by a USSD code, and because of the way Samsung's native browser and dialer apps handle USSD codes.

According to him, this USSD code can be triggered automatically from a malicious website, an NFC tag, or a QR code. Yes, simply scanning a QR code or NFC tag can wipe all the data from your phone, including the SD card.
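A defensive check for the three delivery routes above, as an added example that is not from the original article or from the researcher: it assumes the code reaches the dialer as a `tel:` URI and flags any such URI that carries `*` or `#`, so it can be shown to the user instead of being dialed. The function names and sample inputs are constructed; the only code used is `*#06#`, the harmless show-IMEI code.

```python
import re
from urllib.parse import unquote

# Finds tel: URIs inside HTML, a decoded QR payload or an NFC URI record.
_TEL_RE = re.compile(r"\btel:[^\s\"'<>]+", re.IGNORECASE)


def classify_dial_uri(uri):
    """Return 'not-tel', 'phone-number' or 'ussd-code' for one URI."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "not-tel"
    # Drop tel: parameters such as ";ext=12" before inspecting the digits.
    number = rest.split(";", 1)[0]
    # Percent-decode repeatedly so a double-encoded "#" ("%2523") is still seen.
    for _ in range(3):
        decoded = unquote(number)
        if decoded == number:
            break
        number = decoded
    # "*" and "#" appear in USSD/MMI control strings, not in plain phone numbers.
    if set("*#") & set(number):
        return "ussd-code"
    return "phone-number"


def find_ussd_uris(text):
    """List every tel: URI in the text that would hand a USSD code to the dialer."""
    return [u for u in _TEL_RE.findall(text)
            if classify_dial_uri(u) == "ussd-code"]


if __name__ == "__main__":
    # Constructed sample page: one ordinary number, one USSD-style link.
    page = ('<a href="tel:+15550100">Call us</a> '
            '<a href="tel:*%2306%23">Support</a>')
    for uri in find_ussd_uris(page):
        print("needs user confirmation before dialing:", uri)
```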

This data wipe USSD code has been found to work on the Samsung Galaxy Beam, Samsung Galaxy S Advance, Samsung Galaxy Ace, and Samsung Galaxy S II.

These USSD codes don’t work on stock Android devices, including the Samsung-made Galaxy Nexus.

Even scarier, there is another USSD code that an attacker can combine with the data-wipe USSD code to kill your SIM card (make it unusable).

Here is a video from the Ekoparty security conference showcasing this hack:


Samsung has yet to issue a statement on the issue. We hope Samsung issues a patch to fix it ASAP.


2 comments

  1. Samsung should switch to VanillaWiz rather than making their flagship look like a stretched Java-based Champ with all the CrapWiz stuff.

