Samsung Responds to Smartphone Hack
Issues OTA update for Galaxy S3
Samsung says it has fixed the smartphone hack which saw many of its smartphones vulnerable to being remotely wiped by simply visiting a website.
In a statement sent to IBTImes UK, Samsung said:
"We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service."
However, we checked our Galaxy S3 this morning and found that no software update was available for us to download. We have been back in touch with Samsung about this and are awaiting a reply.
Samsung smartphones which were using Samsung's proprietary user interface, called TouchWiz, on Android smartphones were vulnerable to having all the data stored on their smartphone remotely wiped by simpy visiting a particular website, which featured a single line of malicious code.
While Samsung only mentioned the Galaxy S3 in its statement, it was shown yesterday that a lot more Samsung smartphones were vulnerable, including the Galaxy S3, Galaxy S2, Galaxy Ace, Galaxy Beam and Galaxy S Advance. We have asked Samsung if it is confirming these other devices are also vulnerable and if updates will be available for them.
The malicious code triggers a factory reset on your phone if your web browser is pointed to a particular website with the single line of code embedded.
Single line of code
The hack was unveiled at the Ekoparty 2012 security conference in Argentina by Ravi Borgaonkar, a security researcher at the Security in Communications department at Technical University Berlin. The hack was accomplished using a simple USSD code, which could be sent from the infected website.
USSD stands for Unstructured Supplementary Service Data and is the method of sending messages between a phone and an application server. It is the way Samsung has implemented USSD, leaves it vulnerable to exploitation via a single line of malicious code embedded in a website.
Only Samsung smartphones running the company's proprietary TouchWiz user interface appear to be affected.
According to telecoms engineer Pau Oliva, the Samsung Galaxy Nexus is not affected, as it runs on stock Android and doesn't use the TouchWiz skin on top.
© Copyright IBTimes 2024. All rights reserved.