Hello and welcome to our community! Is this your first visit?
Register
Reigster at Galaxy S3 Forums
Page 1 of 2 12 LastLast
Results 1 to 10 of 14
Like Tree1Likes

Thread: Major Security Flaw in TW: Good Reason to Root/Rom Your S3

  1. #1
    Super Moderator spodoc's Avatar
    Join Date
    Jun 2012
    Posts
    4,502
    Member #
    305
    Liked
    2860 times
    Device
    United States SCH-I535

    Major Security Flaw in TW: Good Reason to Root/Rom Your S3

    Read this on twitter this morning: "the USSD code to factory data reset a Galaxy S3 is..." and "this will hard reset the phone, no user confirmation needed." It's been reported by Droid Life and others. I'm not interested in sourcing this to figure out who to credit for the uncovering this and obviously I'm leaving out the specific code from the tweet (go find it yourself if you care too).

    Entering the code will reset MANY/MOST of Samsung's current phones (including S3). It can be activiated via HTML on CERTAIN phones (e.g. d2att is reported right now). What does this mean? A malicious user could reset your phone by tricking you into clicking a link, QR code, or NFC. Will this be patched? I'm sure at some point.

    As far as I can tell, this affects stock and TW roms only. AOSP phones are not reported to have this flaw. I will test later tonight when I get my internal SD card pictures and movies moved off. I'm sure most folks would be inconvienced at worst, but some folks could really suffer from an uninteded reset.

    My advice, don't panic, back your stuff up, and proceede with caution. I doubt many malicious sites will crop up just to slay the S3, but you know those apple fanboys (kidding). I'll update with info when I can try it on my phone.

    Edit: Some users have reported this as an old issue. It is not. I just performed the reset by entering the USSD code on a stock, updated phone. It wipes your data and cache, but not your internal SD card for those wondering. Your custom recovery is also left in tact.

    Edit 2: You can type *2767*3855# in your dialer and it WILL reset your phone without asking you to confirm. This happens on stock d2vzw and beans 11. I can't determine if this can be invoked by inserting this string into html code. I tried to insert it into the frame source myself, but couldn't make it happen. Then again, I'm only a casual html programmer so this proves/disproves nothing. If it's not been patched for your phone, then a person could make a web page w/ the code and then just send you a wap push sms and you are reset.

    Folks, read up if you care to. Probably much to do about nothing, but back to AOKP I go. Just trying to help
    Last edited by spodoc; 09-25-2012 at 08:01 PM.

  2. #2
    Developer Miller6386's Avatar

    Join Date
    Aug 2012
    Location
    Beer Tent Capital of The World
    Posts
    5,961
    Member #
    1730
    Liked
    2548 times
    Twitter
    CoreyFMiller
    Device
    other
    This was an older issue.. They have already fixed this issue on an update a little while ago.. I read it this morning also and am not sure why it is surfacing again as Samsung was aware of the issue and took the appropriate measures to rectify this....

  3. #3
    Member DrewJW's Avatar
    Join Date
    Sep 2012
    Location
    UK
    Posts
    68
    Member #
    2251
    Liked
    6 times
    And I am sure you could just install Chrome, and avoid using the inbuilt browser and be fine?

  4. #4
    Super Moderator spodoc's Avatar
    Join Date
    Jun 2012
    Posts
    4,502
    Member #
    305
    Liked
    2860 times
    Device
    United States SCH-I535
    Quote Originally Posted by Miller6386 View Post
    This was an older issue.. They have already fixed this issue on an update a little while ago.. I read it this morning also and am not sure why it is surfacing again as Samsung was aware of the issue and took the appropriate measures to rectify this....
    Yeah, when I read the tweet I was skeptical. But then when Droid-life reported it today, it seemed like a current issue. Maybe it wasn't patched on ALL phones? I didn't pay attention to Samsung until I got my S3. Was this an issue on other phones before the S3?

    Edit: http://www.droid-life.com/2012/09/25...ust-one-click/
    Edit2: Biased guy reports site discussed it today as well: http://www.bgr.com/2012/09/25/samsun...security-flaw/
    Last edited by spodoc; 09-25-2012 at 12:17 PM.

  5. #5
    Super Moderator spodoc's Avatar
    Join Date
    Jun 2012
    Posts
    4,502
    Member #
    305
    Liked
    2860 times
    Device
    United States SCH-I535
    Quote Originally Posted by DrewJW View Post
    And I am sure you could just install Chrome, and avoid using the inbuilt browser and be fine?
    The report was that NC and QR could be exploits also.

  6. #6
    Developer Miller6386's Avatar

    Join Date
    Aug 2012
    Location
    Beer Tent Capital of The World
    Posts
    5,961
    Member #
    1730
    Liked
    2548 times
    Twitter
    CoreyFMiller
    Device
    other
    Quote Originally Posted by spodoc View Post
    Yeah, when I read the tweet I was skeptical. But then when Droid-life reported it today, it seemed like a current issue. Maybe it wasn't patched on ALL phones? I didn't pay attention to Samsung until I got my S3. Was this an issue on other phones before the S3?

    Edit: TouchWiz Has a Major Security Flaw that Allows Factory Resets With Just One Click – Droid Life
    It originally became an issue with the S2... Any phones purchased new from VZW with the update sticker on the box received it... Not sure on the other models but I know all US carriers had got an update at some point that addressed this... Most of the time in the changelog it is only listed as "Various Security Updates."

  7. #7
    Super Moderator spodoc's Avatar
    Join Date
    Jun 2012
    Posts
    4,502
    Member #
    305
    Liked
    2860 times
    Device
    United States SCH-I535
    I'm going to try the code tonight out of curiosity. Will try on stock and on AOKP. Still backing up several GB of internal SD of wifi.

  8. #8
    Senior Member sauspud's Avatar
    Join Date
    May 2012
    Location
    Epsom, UK
    Posts
    315
    Member #
    46
    Liked
    77 times
    Twitter
    @sauspud
    Fine in UK version as we had this fixed ages ago.
    DrewJW likes this.
    Sent from My Samsung Galaxy S III (pebble blue)

  9. #9
    Member DrewJW's Avatar
    Join Date
    Sep 2012
    Location
    UK
    Posts
    68
    Member #
    2251
    Liked
    6 times
    Quote Originally Posted by sauspud View Post
    Fine in UK version as we had this fixed ages ago.
    Great news!

  10. #10
    Super Moderator spodoc's Avatar
    Join Date
    Jun 2012
    Posts
    4,502
    Member #
    305
    Liked
    2860 times
    Device
    United States SCH-I535
    Just entered the code and no reset on AOKP Build 3. Will try stock vzw rom later.


 
Page 1 of 2 12 LastLast

Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Replies: 0
    Last Post: 09-24-2012, 07:54 PM
  2. No DTS Movie Audio - The Reason (Buy Once, Play Anywhere)
    By BJ1200 in forum Galaxy S3 General Discussion
    Replies: 0
    Last Post: 09-11-2012, 01:38 AM
  3. Replies: 5
    Last Post: 07-24-2012, 06:52 AM
  4. memory seems low for no reason
    By frogfriend in forum Galaxy S3 Help
    Replies: 3
    Last Post: 06-28-2012, 08:04 AM
  5. Major European Roll-out Getting Underway
    By alphawave7 in forum Member News Depot
    Replies: 0
    Last Post: 05-28-2012, 10:07 PM

Search tags for this page

does the s3 international also have a security flaw
,
galaxy s3 security code flaw
,
galaxy s3 security flaw test
,

mmi codes galaxy s3 i535

,
reason to root s3
,
rooted galaxy s 3 security flaw
,
s3 roms
,
s3 root security
,
s3 secuirty flaw root
,
s3 security flaw
,
security flaw in galaxy s3
,
tw rom s3
Click on a term to search for related topics.