Samsung Galaxy S III remote reset exploit discovered

[nsane.forums]

It's not uncommon for security holes to be found in phone handsets, but a very real hole has been discovered that can wipe a Samsung Galaxy S III leaving the user with no choice but to watch and weep.

Sometimes a word or sentence is enough to destroy friendships and relationships. In computing, pressing Y instead of N can create a nightmare for even the most experienced IT Pro. So it would be very frustrating if Samsung allowed a single line of code to be remotely executed, wiping your near full Galaxy S III, wouldn’t it?

Security researchers have discovered that one line of code is all it takes to start an unstoppable factory-reset of the S III, opening the possibilities for malicious websites to completely wipe the handset, restoring it to it’s out of the box experience.

Ravi Borgaonkar showed the hack at the Ekoparty security conference with a simple USSD code. He said that the code could be sent from a website, pushed to the handset by NFC or triggered by a QR code. And it’s not just the Galaxy S III that’s affected; other Samsung handsets are affected too!

The user will see the process taking place, but hitting back won’t stop the reset. The same applies to the QR codes and NFC tags; no warning and no hope of stopping it. And in a double whammy attack, a simple USSD code could be used to kill the SIM, leaving the user with a very expensive PDA.

Samsung devices running TouchWiz devices are all affected; vanilla Android OS installs will not automatically dial the code, leaving the user to intervene at the last moment. But guess what? Samsung’s default setting is to dial the code automatically.

The code has been tested on the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II. The Samsung-made Galaxy Nexus, which runs stock Android, has dodged a bullet as is not vulnerable.

View: Original Article

[DKT27]

Samsung remote reset exploit fixed for the Galaxy S III

Samsung has confirmed that a Galaxy S III updated to the latest software version is not vulnerable to the USSD TEL code remote wipe exploit. No word was given regarding other TouchWiz devices

Yesterday we reported that the Samsung Galaxy S III, alongside a number of other TouchWiz devices, is vulnerable to an exploit that can remotely factory reset a user's smartphone through a USSD TEL code. This USSD TEL code could be triggered through malicious code in a website or WAP push SMS, wiping your phone without any prompts to intervene.

Today Samsung confirmed that the remote reset exploit has "already been resolved" in the latest software update, suggesting that if you currently have the latest software version you are safe from a malicious wipe. Here's the full statement:

We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.

This statement doesn't mention the other devices affected such as the Galaxy S II, Galaxy Beam or Galaxy Ace, suggesting that the vulnerability is still active in the most up-to-date OS versions on these devices. Samsung Belgium has stated via Twitter that a firmware fix is in the works for the Galaxy S II, although there is no mention of a time frame other than it will be an OTA update. We assume something is in the works for the other affected devices as well.

If you do have an affected device that hasn't been patched yet through a software update, there is an app currently available on the Google Play Store that claims to solve the problem. TelStop adds a second option for the phone whenever a USSD TEL code is used, allowing you to select the application rather than the Phone app by default, meaning you can intervene before it's too late. If you have an unpatched TouchWiz device, it's probably best to install it as a precaution.

View: Original Article

[Tweety.Abd]

This issue affects only those who are on stock firmware and stock-based custom ROMs. AOSP ROMs (CyanogenMod, AOKP, etc.) are not affected by the problem.