Galaxy S III and Other Sammy Devices Vulnerable to Remote Wipe Hack

[dgstorm]

Some security researchers have found a pretty severe security vulnerability in the Samsung Galaxy S III that also appears on several other Samsung devices including the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II. According to their demonstration given at the Ekoparty security conference, a simple USSD can trigger an event that will cause the phone to do a factory reset and wipe all your personal data. Additionally, they also shared that the data-wipe hack can hit the devices in multiple ways. It could be be sent from a website, pushed via NFC or triggered by a QR code.

Interestingly, the Samsung Galaxy Nexus is unaffected because it is a pure Android device, which shows this was Sammy's coding mistake. Supposedly, an update has already been sent out to some SGS3 phones, but that has not been confirmed. Here's a quote with some additional info,

“The USSD code issue in the SGS3 is patched, and has been for some time” TeamAndIRC claims. “Current i747 [AT&T Galaxy S III] and i9300 [European Galaxy S III] firmware are not vulnerable.” An update pushed out to the AT&T Galaxy S III last week apparently patched the loophole, with the i9300 being updated beforehand. We’re still yet to hear from Samsung with an official comment.

Samsung has yet to comment on the find. Above is a video demo of the vulnerability in action.

Thanks to all my tipsters who sent this one in (including spodoc with his post earlier this morning, here.)!

Source: SlashGear

[sauspud]

Panicked then saw the UK version was fine and safe. Good old blighty saved again.

[spodoc]

Ninja'd you: Major Security Flaw in TW: Good Reason to Root/Rom Your S3