Hack identified that makes TouchWiz vulnerable to a remote data wipe

In news that is sure to make Samsung Galaxy owners uneasy, a single line of code can apparently trigger an unstoppable factory reset on Samsung devices that use the TouchWiz UI. Security researchers have discovered that malicious websites could use this code to wipe users’ phones, with no way for the user to prevent it. A variety of devices are affected, including the popular S II model. The hack was detailed by Ravi Borgaonkar at the Ekoparty security conference: a simple USSD code, which could be sent from a website, pushed to the handset by NFC, or triggered by a QR code, can reset the Galaxy S II as well as other Samsung Galaxy handsets.

Only Samsung devices running TouchWiz appear to be affected. Stock Android fortunately only shows the code in the dialer screen and does not run or dial it automatically, Pau Oliva reports. Samsung’s default, though, is to dial the code automatically. Most concerning is that the same hack can be used in a second, even more damaging way. According to Borgaonkar, a USSD code can be included that also kills the SIM card currently in the handset. That way, a single message could be used to wipe a Samsung phone and leave the user with a broken SIM too.

It’s also possible to push Samsung handsets straight to a website running the bad code using a WAP-push SMS message. For the moment, the advice is to deactivate automatic site-loading in whatever QR and/or NFC reader software you use, and be careful about clicking links that you don’t implicitly trust. The best course of action is to download the Chrome browser and avoid using the default browser until a solution is found.
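The advice above can be turned into a check that a QR/NFC reader or link filter runs before it loads or dials anything. The sketch below is an added example, not code from the article or from Samsung; it assumes the code reaches the dialer as a `tel:` URI, a detail the article does not spell out, and all function names and sample strings are constructed for illustration.

```python
import re
from urllib.parse import unquote

# tel: URI in a decoded QR/NFC payload or in page markup (href, src, ...).
# \b keeps words such as "hotel:" from matching.
TEL_URI = re.compile(r"\btel:([^\s\"'<>]*)", re.IGNORECASE)
# '*' and '#' mark USSD/MMI service codes; ordinary phone numbers never contain them.
SERVICE_CHARS = set("*#")


def fully_unquote(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '%2523' is still seen as '#'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_dial_string(dial):
    """Return 'ussd' for service codes, 'number' for plain numbers, else 'malformed'."""
    dial = fully_unquote(dial)
    if SERVICE_CHARS & set(dial):
        return "ussd"
    # Anything else that is not a plain number (pause/wait characters, parameters,
    # an empty string) is treated conservatively and needs user confirmation.
    if re.fullmatch(r"\+?[0-9().\- ]+", dial):
        return "number"
    return "malformed"


def scan(content):
    """List (dial_string, verdict) for every tel: URI found in content."""
    return [(m.group(1), classify_dial_string(m.group(1)))
            for m in TEL_URI.finditer(content)]


def should_block_autoload(content):
    """True when content must not be opened or dialled without the user confirming."""
    return any(verdict != "number" for _, verdict in scan(content))


# Constructed samples; *#06# only displays the IMEI and stands in for any service code.
SAMPLES = [
    "tel:+15555550100",
    '<iframe src="tel:*%2306%23"></iframe>',
    '<a href="TEL:%2A%252306%2523">call us</a>',
    "https://example.com/menu",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(should_block_autoload(sample), scan(sample), sample)
```

A filter like this only covers the reader or browser it is built into; the underlying fix is for the dialer itself to stop executing service codes without user confirmation.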

[UPDATE] The code was initially thought to affect the current flagship Galaxy S III model; however, multiple negative reports and testing over at The Verge have disproved this theory. Rather, testing has revealed that it will only bring up the phone’s dialer, failing to execute the full reset without user intervention. The same code has been found to work on the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II. However, the Samsung-made Galaxy Nexus, which runs stock Android, is not susceptible.

Stay tuned to DroidDog for continued coverage of this major security concern for Samsung Galaxy owners.

Pau Oliva (Twitter), EKOParty.org, via Steve Troughton-Smith (Twitter), The Verge
