Samsung Galaxy S III remote reset exploit discovered

Sometimes a word or sentence is enough to destroy friendships and relationships. In computing, pressing Y instead of N can create a nightmare for even the most experienced IT pro. So it would be very frustrating if Samsung allowed a single line of code to be remotely executed, wiping your nearly full Galaxy S III, wouldn’t it?

Security researchers have discovered that one line of code is all it takes to start an unstoppable factory reset of the S III, opening the possibility for malicious websites to completely wipe the handset, restoring it to its out-of-the-box state.

Ravi Borgaonkar showed the hack at the Ekoparty security conference with a simple USSD code. He said that the code could be sent from a website, pushed to the handset by NFC or triggered by a QR code. And it’s not just the Galaxy S III that’s affected; other Samsung handsets are affected too!

The user will see the process taking place, but hitting back won’t stop the reset. The same applies to the QR codes and NFC tags; no warning and no hope of stopping it. And in a double whammy attack, a simple USSD code could be used to kill the SIM, leaving the user with a very expensive PDA.

Samsung devices running TouchWiz are all affected; vanilla Android OS installs will not automatically dial the code, leaving the user to intervene at the last moment. But guess what? Samsung’s default setting is to dial the code automatically.

The code has been tested on the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II. The Samsung-made Galaxy Nexus, which runs stock Android, has dodged a bullet as it is not vulnerable.
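The difference described above, between a dialer that runs a received code automatically and one that leaves the decision to the user, can be sketched as a dialer-side check. This is an added example, not code from the article, Samsung or Android; the function names, action labels and sample strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Visual separators a dialer can drop from an ordinary phone number.
_SEPARATORS = re.compile(r"[\s\-().]")
_PLAIN_NUMBER = re.compile(r"^\+?\d+$")


def classify_dial_string(raw: str) -> str:
    """Classify a dial string as 'number', 'code' (USSD/MMI style) or 'invalid'."""
    # Content arriving from a link, tag or QR code may be percent-encoded,
    # so '#' can show up as '%23'. Decode exactly once before inspecting it.
    cleaned = _SEPARATORS.sub("", unquote(raw))
    if "*" in cleaned or "#" in cleaned:
        return "code"
    if _PLAIN_NUMBER.match(cleaned):
        return "number"
    # Empty input, letters, or leftover '%' from double encoding: fail closed.
    return "invalid"


def dialer_action(raw: str, from_external: bool) -> str:
    """Decide what the dialer does with a string (hypothetical policy labels)."""
    kind = classify_dial_string(raw)
    if kind == "invalid":
        return "reject"
    if kind == "code":
        # A code the user typed may run; one pushed by a page, tag or QR
        # code is only displayed until the user explicitly confirms it.
        return "require-confirmation" if from_external else "execute"
    return "prefill"


if __name__ == "__main__":
    # Constructed sample inputs; "*123#" is a placeholder, not a real service code.
    for sample in ["+44 20 7946 0000", "*123%23", "%2A123%23", "%2523", ""]:
        print(repr(sample), "->", dialer_action(sample, from_external=True))
```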

Source: Slashgear

64 Comments

You should actually be mentioning in the article that this is an old flaw in TouchWiz firmware that was patched a while back and only phones not up to date are affected. This is opposed to their competitor who has major flaws a year old still open.

"... and no hope of stopping it"

Um, remove the battery to shut down the phone maybe? Would that help?

I guess not, seeing as most people wouldn't have an idea what was going on before it was too late.

Dushmany said,

A valid point, but in real time, a lot of phones could be in a case of some sort, like mine, and hypothetically, the time it would take to remove the case, then the back cover could be 15 or 20 seconds, possibly longer depending on what type of casing you have.

Most phones also have a forced shutdown method that doesn't require removing the battery. On my GSII it's holding down the power button for about 10 seconds (usually less). Of course in that time some damage could be done but again, it's easily fixed anyway.

SPEhosting said,
OH NO how will everything stored on a back up that I update every week be saved!!!
But you shouldn't need to use a backup because Samsung made an amateur mistake. Plus, you can't back up a SIM card. Which this also bricks.

Simon said,
But you shouldn't need to use a backup because Samsung made an amateur mistake. Plus, you can't back up a SIM card. Which this also bricks.
Well if you're on a CDMA network I guess you have nothing to worry about then.

Simon said,
But you shouldn't need to use a backup because Samsung made an amateur mistake. Plus, you can't back up a SIM card. Which this also bricks.

Back up a SIM? Do you mean the texts and logs stored on a SIM? All that is backed up also on mine :3 phone numbers/contacts etc. Only thing I don't back up is app data, but they're ****ty apps

SPEhosting said,

Back up a SIM? Do you mean the texts and logs stored on a SIM? All that is backed up also on mine :3 phone numbers/contacts etc. Only thing I don't back up is app data, but they're ****ty apps

SIMs don't store texts or logs...

SPEhosting said,

Back up a SIM? Do you mean the texts and logs stored on a SIM? All that is backed up also on mine :3 phone numbers/contacts etc. Only thing I don't back up is app data, but they're ****ty apps
No, I mean the information it uses to connect to the network. You know, the important part of a phone.

SPEhosting said,

You are wrong; around 255 can be stored on a SIM normally. In more modern times the phone's storage is used.

Right, my bad.

Makes me wonder if SGS1 is vulnerable. I run CM9 on mine, but I have relatives that use TouchWiz on their SGSs, and some of them access questionable sites

obiwankenobi said,
Makes me wonder if SGS1 is vulnerable. I run CM9 on mine, but I have relatives that use TouchWiz on their SGSs, and some of them access questionable sites

Some builds of CM9 also have this.

pes2013 said,

Some builds of CM9 also have this.

Yikes! Oh well...I go to work for AT&T in about a month anyway, and after 30 days, I think it's 30 days anyway....I get the phone of my choice. (It may be after 90, though, not sure) So I'm upgrading soon either way. Might be a good opportunity for me to switch to WP anyway, which I've been wanting to do. Still though...ouch! ><

Wow, another exploit found on a device. Like this doesn't happen all over the place and not just Android devices.

Exploit has been found and it will be patched. This cycle has been going on for decades. Only problem here is if it takes Samsung a long time to address the issue.

Why does he need wifi to send a text message to the phone? Suspect from the start. So he then runs the message already installed on the phone. Absolute bogus.

BeLGaRaTh said,
Why does he need wifi to send a text message to the phone? Suspect from the start. So he then runs the message already installed on the phone. Absolute bogus.
Watch the stuff near the end. Works with NFC or a QR code. It's just a website.

Obviously not a huge exploit since it's just now being discovered for one. Also, I've yet to hear of anyone affected by it and if a person is dumb enough to visit a site of whatever that decides to use the exploit they deserve what they receive. Yes, it needs to be fixed but it seems quite a few are saying this is more of a 'spray and pray' exploit. Some will be reset, others won't.

Lastly, it's a factory reset. Since a factory reset doesn't touch the internal or external sd memory that stuff is safe. It erases the installed apps - that's all. One trip to Google Play and that problem is solved. Enter your email info again and the contacts are back. Sure you lose text messages but if they were that important you'd have them backed up anyway.

KCRic said,
Obviously not a huge exploit since it's just now being discovered for one. Also, I've yet to hear of anyone affected by it and if a person is dumb enough to visit a site of whatever that decides to use the exploit they deserve what they receive. Yes, it needs to be fixed but it seems quite a few are saying this is more of a 'spray and pray' exploit. Some will be reset, others won't.

Lastly, it's a factory reset. Since a factory reset doesn't touch the internal or external sd memory that stuff is safe. It erases the installed apps - that's all. One trip to Google Play and that problem is solved. Enter your email info again and the contacts are back. Sure you lose text messages but if they were that important you'd have them backed up anyway.

Stop trying to talk this away. Just because an exploit has only just been discovered doesn't make it any less serious. The reason why you haven't seen it in the wild is because these guys have only just shown it off at a conference

KCRic said,
Lastly, it's a factory reset. Since a factory reset doesn't touch the internal or external sd memory that stuff is safe. It erases the installed apps - that's all. One trip to Google Play and that problem is solved. Enter your email info again and the contacts are back. Sure you lose text messages but if they were that important you'd have them backed up anyway.

Another exploit (from this one) has been found that ****s up your sim card

DomZ said,

Stop trying to talk this away. Just because an exploit has only just been discovered doesn't make it any less serious. The reason why you haven't seen it in the wild is because these guys have only just shown it off at a conference

Wow, not trying to "talk it away" fanboy. I'm simply stating that it's not that serious. It's been around for quite some time now and yes, nobody has been affected by it. Not because they are showing "proof of concept" at a conference but because it's so obscure that it's just now being discovered, has been fixed in newer versions, and doesn't always work.

Even if a single person were to be hit with this, the fix is stupid simple. There's no loss of data that can't be recovered very quickly and easily. Imagine someone uninstalling a program from Windows but not deleting the settings and data - you re-install the program and your problems are solved. That's all this 'no less serious' exploit accomplishes.

pes2013 said,

Another exploit (from this one) has been found that ****s up your sim card
Not mine. Not that I prefer it but I'm on a network that doesn't use SIM cards. You know, like Verizon and Sprint.

This isn't just limited to Samsung phones, despite them using one to demonstrate this flaw, it is in fact an old Android flaw that has been patched on newer ROMs so any handset not running the latest ROM is at risk.

How about we call it "a TouchWiz exploit" and stop appending "-gate" to every issue? I mean, we don't call a zero-day exploit "micro-gate"...

Apologies. For some reason this need to "gate" issues and problems is really annoying me.

Intrinsica said,
How about we call it "a TouchWiz exploit" and stop appending "-gate" to every issue? I mean, we don't call a zero-day exploit "micro-gate"...

Apologies. For some reason this need to "gate" issues and problems is really annoying me.

I'm pretty sure omgben agrees with you.

I do like Wizgate though.

Intrinsica said,
How about we call it "a TouchWiz exploit" and stop appending "-gate" to every issue? I mean, we don't call a zero-day exploit "micro-gate"...

Apologies. For some reason this need to "gate" issues and problems is really annoying me.

Full heartedly agree!

Intrinsica said,
How about we call it "a TouchWiz exploit" and stop appending "-gate" to every issue? I mean, we don't call a zero-day exploit "micro-gate"...

Apologies. For some reason this need to "gate" issues and problems is really annoying me.

I was poking fun at the need to slap gate after every problem that surfaces.

omgben said,

I was poking fun at the need to slap gate after every problem that surfaces.

S-Wipe? It might be a feature

Samsung devices running TouchWiz devices are all affected; vanilla Android OS installs will not automatically dial the code, leaving the user to intervene at the last moment. But guess what? Samsung's default setting is to dial the code automatically.

OK, so the default is turned to on, how do users change it to no?

Ouch, that's bad news, thank god for custom ROMs

And now to twist this into an anti-Apple post <ahem> only joking

Teebor said,
Ouch, that's bad news, thank god for custom ROMs

And now to twist this into an anti-Apple post <ahem> only joking


Affects some AOSP ROMs too.

-T- said,
I wonder if I can put it in my Facebook status, I'd get a laugh out of that

I'd rather take out an ad with Google Adwords and target it to mobile users

Andrew Lyle said,

I'd rather take out an ad with Google Adwords and target it to mobile users

You sir are an evil genius. I present you with 1 internets

littleneutrino said,
Yet another fantastic reason to run AOSP and not TouchWiz

Exactly. And when they push out an update, it'll take the carriers a while to add their bloat and release it. Older devices like the SII won't even see an update probably.

Thank god I've got CM9