Samsung Galaxy S III, Galaxy S II remote-wipe hack discovered

Samsung Galaxy S III

Yet another reason to curse Samsung for Touchwiz! It was discovered recently by a security researcher Ravi Borgaonkar that how a single line of code can send your Galaxy S III into a non-stoppable data wipe.

The hack was found valid on Touchwiz running devices because Touchwiz allows devices to be factory reset using USSD codes and the way native Samsung browser and dialer apps handle USSD codes.

According to him, this USSD code can be triggered automatically by sending it from a malicious website or using NFC tags or via a QR code. Yes, by simply scanning a QR code or NFC Tag can wipe the entire data from your phone including SD card.

This data wipe USSD code has been found to work on the Samsung Galaxy Beam, Samsung Galaxy S Advance, Samsung Galaxy Ace, and Samsung Galaxy S II.

These USSD codes don’t work on stock Android devices including Samsung made Galaxy Nexus.

What is more scary is that there is another USSD code, which can be clubbed by the attacker along with the data wipe USSD to kill your SIM card (make it unusable).

Here is a video from Ekoparty security conference showcasing this hack:


Samsung is yet to issue a statement in regard to the same. We hope that Samsung issues a patch to fix the same ASAP.

Via


Post Author: Gaurav Shukla

Gaurav Shukla is the editor of AndroidOS.in. If you'd like to reach him, drop an email at 'gaurav@androidos.in' or connect with him on Twitter (@gauravshukla).

2 thoughts on “Samsung Galaxy S III, Galaxy S II remote-wipe hack discovered

    kaushik

    (September 26, 2012 - 1:31 am)

    Samsung should switch to VanillaWiz rather than making their flagship look like a stretched java based Champ with all the CrapWiz stuff.

    JanB

    (September 25, 2012 - 8:14 pm)

    here is the code http://goo.gl/9D4eR

Leave a Reply

Your email address will not be published. Required fields are marked *