Samsung Galaxy S III, Galaxy S II remote-wipe hack discovered

Samsung Galaxy S III

Yet another reason to curse Samsung for Touchwiz! It was discovered recently by a security researcher Ravi Borgaonkar that how a single line of code can send your Galaxy S III into a non-stoppable data wipe.

The hack was found valid on Touchwiz running devices because Touchwiz allows devices to be factory reset using USSD codes and the way native Samsung browser and dialer apps handle USSD codes.

According to him, this USSD code can be triggered automatically by sending it from a malicious website or using NFC tags or via a QR code. Yes, by simply scanning a QR code or NFC Tag can wipe the entire data from your phone including SD card.

This data wipe USSD code has been found to work on the Samsung Galaxy Beam, Samsung Galaxy S Advance, Samsung Galaxy Ace, and Samsung Galaxy S II.

These USSD codes don’t work on stock Android devices including Samsung made Galaxy Nexus.

What is more scary is that there is another USSD code, which can be clubbed by the attacker along with the data wipe USSD to kill your SIM card (make it unusable).

Here is a video from Ekoparty security conference showcasing this hack:

Samsung is yet to issue a statement in regard to the same. We hope that Samsung issues a patch to fix the same ASAP.



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.