Samsung Smartphone Vulnerable to Remote Wipe Hack
Update: Samsung has now responded to the issue, claiming it has issued a software fix for the Galaxy S3.
Security researchers have discovered a single line of code embedded in websites which could wipe all data from your Samsung Galaxy S3 and other smartphones.
Samsung smartphones including the Galaxy S3, Galaxy S2, Galaxy Ace, Galaxy Beam and Galaxy S Advance all appear to be affected by the bug which triggers a factory reset on your phone if your web browser is pointed to a particular website.
Smartphones can also be directed to the code through NFC or using a QR code. Once the process has been initiated, users are have no way of stopping it.
If a user taps an NFC tag which has the website pre-loaded onto it, there will be no warning for the user, which is the same if a user scans a QR code with the website URL embedded in it.
Only Samsung smartphones running the company's proprietary TouchWiz user interface appear to be affected.
According to telecoms engineer Pau Oliva, the Samsung Galaxy Nexus is not affected, as it runs on stock Android and doesn't use the TouchWiz skin on top.
The hack was unveiled at the Ekoparty 2012 security conference in Argentina by Ravi Borgaonkar, a security researcher at the Security in Communications department at Technical University Berlin. As you can see in the video below, the hack was accomplished using a simple USSD code, which could be sent from the infected website.
USSD stands for Unstructured Supplementary Service Data and is the method of sending messages between a phone and an application server. It is the way Samsung has implemented USSD, leaves it vulnerable to exploitation via a single line of malicious code embedded in a website.
According to GSMArena, Samsung currently has over 150 Android smartphones on the market, with almost 100 of these running Android Gingerbread or higher, with this version of the OS having been shown to be vulnerable.
As well as wiping all the data from your phone, the hack can be extended to break the SIM card you have in the phone at the time.
We have contacted Samsung's press office for a comment and they have told us they are looking into the matter.
© Copyright IBTimes 2024. All rights reserved.