Samsung TouchWiz vulnerability will wipe some phones after just clicking a

By +Frank B.
in Back Page News

 Share

Recommended Posts

Grand Master

+Frank B. Subscriber²

Posted
  • Subscriber²
Posted

Samsung TouchWiz vulnerability will wipe some phones after just clicking a link

Samsung is finding itself in a spot of bother this morning, as a particular piece of HTML code has emerged that, when clicked, instantly resets the Galaxy S II ? and potentially other Android devices running the TouchWiz UI. Posted by Pau Oliva earlier today, the code was initially thought to affect the current flagship Galaxy S III model, however multiple negative reports and our own testing have shown that it only brings up the phone's dialer, failing to execute the full reset without user intervention. The latter is really the issue here: Samsung's software changes atop stock Android are allowing the GS II to automatically dial the hard reset code, taking away a critical aspect of user control.

The Galaxy S II is the only device we're certain is affected by the problem so far, though Tweakers.net reports successfully recreating it on the Galaxy S Advance as well. We're in touch with Samsung to get a better idea of the full scale and depth of this vulnerability.

Update: we have now managed to test this on an AT&T Samsung Galaxy S III and have confirmed it works on the device. Samsung tells us it's "looking into" the reports.

Source: The Verge

Grand Master

+Frank B. Subscriber²

Posted
  • Author
  • Subscriber²
Posted

did apple pay those people?

Heaven forbid there is an actual vulnerability in a Samsung product. No, let's blame the evil empire Apple.

Fail comment is fail, remixedcat.

The front page beat you to it, Meph. :p

Meh, I'm not overly concerned. So we just need to avoid TouchWiz, right?

... whoops, I swear I checked the front page and didn't see it. Mea culpa.

Grand Master

techbeck

Posted
Posted

Samsung Galaxy S III, designed for humans exploits.

Like there isnt exploits on all other systems as well. There will be a patched released for TW as soon as Samsung readys a patch for it. They were quick to release other patches/changes in TW before...so lets hope they are quick here as well.

The front page beat you to it, Meph. :p

Meh, I'm not overly concerned. So we just need to avoid TouchWiz, right?

Wish Samsung would wake up and just ditch TW.

Grand Master

tsupersonic

Posted
Posted

It's not just Samsung phones (with Touchwiz)...

Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time. More recent versions of Android avoid the wipe issue, but unpatched devices (like some Samsung phones) may still be vulnerable.

http://www.androidpolice.com/2012/09/25/new-exploit-could-force-factory-reset-on-many-samsung-phones-running-touchwiz/

Grand Master

techbeck

Posted
Posted

Did I say otherwise? No.

But yet you only mentioned Samsung.

We all know you dont like android and if all you are going to do is make comments like "Samsung Galaxy S III, designed for humans exploits." here and then again on TFP, then keep it to yourself.

Grand Master

.Neo

Posted
Posted

But yet you only mentioned Samsung.

That's because this thread involves Samsung only. Let me hold up a mirror for a second or two: Did you mention how most, if not all, major companies tend to spin things around if it suits their needs and thus can use it to their advantage? No, you did not. You purely talked about how Apple does it. I suggest you at least try to drop the display of double standards before calling others out. If not take a page from your own book and simply keep the remarks to yourself.

We all know you dont like android and if all you are going to do is make comments like "Samsung Galaxy S III, designed for humans exploits." here and then again on TFP, then keep it to yourself.

I have very little against Android in its vanilla state. In fact I recently bought my mom a Nexus 7 as a birthday present to take with her on holiday. Very nice device, especially for its price. Too bad huh?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Tidal won't monetize AI slop music, company says

      By monterxz · Posted

      I've been on Deezer for over a decade, but glad that Tidal joined them in fighting AI slop. Can't stand such takes as Spotify's: "Spotify's CEO recently pushed back against listeners who call AI music "slop," urging people to stop using the term and instead embrace the creative potential of AI music."
    • Why it's almost impossible to produce a smartphone in the United States

      By Cosmocronos · Posted

      “Could” … in the IS the healthcare is run by insurance companies that make indecent profits denying basic treatments to people that are paying money for nothing. Besides, where are all the Trump epigones who were stating that the tariffs were going to paid by foreign companies and not the US citizens? …
    • Microsoft Teams gets smarter at spotting sneaky meeting bots

      By Usama Jawad96 · Posted

      Microsoft Teams gets smarter at spotting sneaky meeting bots by Usama Jawad Microsoft Teams is set to receive a couple of new features soon, including a dedicated Recap app and a rather controversial location tracking functionality. The Redmond tech giant has also explained how it has made online communication and collaboration a lot more performant this year. Now, the company has detailed more secure bot admission mechanisms, as first reported by us in March 2026, and now available in Teams. As the use of AI has expanded across enterprise environments, Microsoft has begun allowing users to integrate bots into their meetings for various tasks, such as note-taking. While this has a tangible productivity benefit for users, Microsoft has highlighted how misconfiguration has allowed bots to join meetings that they shouldn't. This has created security and privacy risks, which Microsoft is now combating using a new Teams admin policy that allows organizers to control how external bots access meetings. Admins can leverage a policy called Manage external bots and their access to meetings. The default configuration is "When detected, require approval before joining", which places detected bots in a lobby before they are explicitly admitted into the meeting. The other option disables the experience. Microsoft has also requested admins to only allow organizers and co-organizers to manage access to a meeting, so that other people don't randomly allow bots into meetings. Teams will now be able to leverage infrastructure signals to intelligently detect and distinguish between bots and humans. Microsoft will soon also trial a registration experience for independent software vendors (ISVs) to build a system that registers a bot with Microsoft, so it is marked as a "known" bot. Teams will also categorize bots as trusted and suspected threats so that organizers can quickly identify which bots they want to allow into a meeting. Additional safeguards to block accidental admission of a bot into a meeting include: No one-click Admit option for identified bots Confirmation prompts when admitting participants that include bots Warnings when organizers choose Admit all, and bots are included Microsoft has begun rolling out this experience, and it will be retiring the current CAPTCHA verification implementation. In the future, the company plans to roll out new capabilities like allow-lists, organization-wide policies, admin reports, audit logs, and more granular controls.
    • Bypassed Windows 11 shows surprising stability on ancient, completely unsupported hardware

      By +Warwagon · Posted

      With the current hardware prices Microsoft should lift the restriction. Then if you have the correct TPM then allow you to use X feature, if you don't have the correct TPM then don't but still actually let you run windows. 11. With a disclaimer during install that X features would be unavailable.
    • Meta is reusing old DDR4 RAM in its servers instead of buying new hardware

      By C:Amie · Posted

      It's good for recycling of course. But commence inflation of a second hand RAM bubble and price gouging on DDR 4 inventory in 3... 2... 1...

  • Recent Achievements

    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done
    • One Year In
      BA the Curmudgeon earned a badge
      One Year In
    • Conversation Starter
      rosiecharles earned a badge
      Conversation Starter
    • First Post
      KMilenkoski1202 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      538
    2. 2
      +Edouard
      266
    3. 3
      PsYcHoKiLLa
      151
    4. 4
      Steven P.
      98
    5. 5
      macoman
      66
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!