13 replies to this topic

[+Mephistopheles]

Samsung TouchWiz vulnerability will wipe some phones after just clicking a link

Samsung is finding itself in a spot of bother this morning, as a particular piece of HTML code has emerged that, when clicked, instantly resets the Galaxy S II — and potentially other Android devices running the TouchWiz UI. Posted by Pau Oliva earlier today, the code was initially thought to affect the current flagship Galaxy S III model, however multiple negative reports and our own testing have shown that it only brings up the phone's dialer, failing to execute the full reset without user intervention. The latter is really the issue here: Samsung's software changes atop stock Android are allowing the GS II to automatically dial the hard reset code, taking away a critical aspect of user control.

The Galaxy S II is the only device we're certain is affected by the problem so far, though Tweakers.net reports successfully recreating it on the Galaxy S Advance as well. We're in touch with Samsung to get a better idea of the full scale and depth of this vulnerability.

Update: we have now managed to test this on an AT&T Samsung Galaxy S III and have confirmed it works on the device. Samsung tells us it's "looking into" the reports.

Source: The Verge

[.Neo]

Samsung Galaxy S III, designed for humans exploits.

[+remixedcat]

did apple pay those people?

[Intrinsica]

The front page beat you to it, Meph.

Meh, I'm not overly concerned. So we just need to avoid TouchWiz, right?

[+Mephistopheles]

remixedcat, on 25 September 2012 - 14:07, said:

did apple pay those people?

Heaven forbid there is an actual vulnerability in a Samsung product. No, let's blame the evil empire Apple.

Fail comment is fail, remixedcat.

Intrinsica, on 25 September 2012 - 14:09, said:

The front page beat you to it, Meph.

Meh, I'm not overly concerned. So we just need to avoid TouchWiz, right?

... whoops, I swear I checked the front page and didn't see it. Mea culpa.

[+remixedcat]

it was a joke ok.... about the apple lawsuit stuff going on LOL....

[+techbeck]

.Neo, on 25 September 2012 - 14:05, said:

Samsung Galaxy S III, designed for humans exploits.

Like there isnt exploits on all other systems as well. There will be a patched released for TW as soon as Samsung readys a patch for it. They were quick to release other patches/changes in TW before...so lets hope they are quick here as well.

Intrinsica, on 25 September 2012 - 14:09, said:

The front page beat you to it, Meph.

Meh, I'm not overly concerned. So we just need to avoid TouchWiz, right?

Wish Samsung would wake up and just ditch TW.

[tsupersonic]

It's not just Samsung phones (with Touchwiz)...

Quote

Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time. More recent versions of Android avoid the wipe issue, but unpatched devices (like some Samsung phones) may still be vulnerable.

http://www.androidpo...nning-touchwiz/

[chezy666]

Isn't this solvable by changing Service Loading to prompt under message settings ?

[.Neo]

techbeck, on 25 September 2012 - 16:47, said:

Like there isnt exploits on all other systems as well.

Did I say otherwise? No.

[+techbeck]

.Neo, on 25 September 2012 - 18:50, said:

Did I say otherwise? No.

But yet you only mentioned Samsung.

We all know you dont like android and if all you are going to do is make comments like "Samsung Galaxy S III, designed for humans exploits." here and then again on TFP, then keep it to yourself.

[.Neo]

techbeck, on 25 September 2012 - 20:20, said:

But yet you only mentioned Samsung.

That's because this thread involves Samsung only. Let me hold up a mirror for a second or two: Did you mention how most, if not all, major companies tend to spin things around if it suits their needs and thus can use it to their advantage? No, you did not. You purely talked about how Apple does it. I suggest you at least try to drop the display of double standards before calling others out. If not take a page from your own book and simply keep the remarks to yourself.

techbeck, on 25 September 2012 - 20:20, said:

We all know you dont like android and if all you are going to do is make comments like "Samsung Galaxy S III, designed for humans exploits." here and then again on TFP, then keep it to yourself.

I have very little against Android in its vanilla state. In fact I recently bought my mom a Nexus 7 as a birthday present to take with her on holiday. Very nice device, especially for its price. Too bad huh?

[Growled]

So most of us on more modern Android versions are safe? That's reassuring.

[BoredBozirini]

Seems to me Android is not ready for the primetime yet. Maybe in version 10.