Samsung: Galaxy S III remote wipe flaw is already patched

Sep 26, 2012
2

Galaxy S III owners running the latest software are not susceptible to a factory-reset hack that could maliciously wipe the phone, Samsung says, with a recent patch blocking the exploit. Security researchers identified a flaw in how Samsung TouchWiz devices handled so-called USSD codes, with the potential for rogue websites to push a factory-reset code to the smartphone which required no user-confirmation to enact.

The fear, the researchers argued, was that a QR or NFC reader app set to automatically load URLs could automatically take the Samsung device to a page hosting the USSD trigger, should the user inadvertently scan it. A more complex variation of the attack could also include remotely blocking the SIM card in the handset.

However, testing of the exploit revealed mixed results, with some able to replicate the researchers' findings on the Galaxy S III, but others unable to. That appears to be down to what version of the phone's firmware you're running, with Samsung recently filling in the security gap with an OTA update.

"We would like to assure our customers that the recent security issue concerning the GALAXY S III
has already been resolved through a software update" Samsung told SlashGear today. "We recommend all GALAXY S III customers to download the latest software update, which can be done
quickly and easily via the Over-The-Air (OTA) service."

It's not clear whether other Samsung devices using TouchWiz have also been patched; we're waiting on clarification from Samsung. However, the advice as always is to be wary of clicking on unknown links, and consider using a browser other than Android's default, as Chrome and others proved to be not susceptible to the USSD exploit.


Must Read Bits & Bytes