Samsung Smartphones Vulnerable To Remote Wipe Hack

DavidGilbert99 writes "Security researchers have discovered a single line of code embedded in websites which could wipe all data from your Samsung Galaxy S3 and other smartphones. Samsung smartphones including the Galaxy S3, Galaxy S2, Galaxy Ace, Galaxy Beam and Galaxy S Advance all appear to be affected by the bug which triggers a factory reset on your phone if your web browser is pointed to a particular website. Smartphones can also be directed to the code through NFC or using a QR code. Once the process has been initiated, users are have no way of stopping it. The hack was unveiled at the Ekoparty 2012 security conference in Argentina by Ravi Borgaonkar, a security researcher at the Security in Communications department at Technical University Berlin. ... Only Samsung smartphones running the company's proprietary TouchWiz user interface appear to be affected. According to telecoms engineer Pau Oliva, the Samsung Galaxy Nexus is not affected, as it runs on stock Android and doesn't use the TouchWiz skin on top." Hit the link above for a video demonstration.

Manufacturer's Android

[morcego]

People still use the manufacturer's version of Android ? (Any manufacturer, not only Samsung).

It is bloated, slow, full of useless crap.

The first thing I do on any new android phone that lands in my hands is to replace the firmware with something less full of )(@#*)(#$.

Re:Manufacturer's Android

[kelemvor4]

Because "quite nice" is not exactly what you want your smart phone to be. Try "amazing" like iPhone.

Sounds like apple fanboy talk to me. A smartphone is a smartphone, the amazing should have worn off shortly after you got your first one regardless of the model.

Re:Manufacturer's Android

[Miamicanes]

Some people might not like voiding their warranty the day they buy their phone.

Which is why we all make a nandroid backup before flashing a new firmware.

> Some people might not like voiding their warranty the day they buy their phone.

Manufacturers can lie about warranty-invalidation until they're blue in the face. The Magnuson-Moss Warranty Act ( http://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act ) is a potent weapon that no manufacturer, not even Apple in their most arrogant AT&T-exclusive hissy fit, would dare to push back against because the FTC will smack them down and make a total example out of them.

Under Magnuson-Moss, a manufacturer can only deny warranty coverage if they can demonstrate that whatever the consumer did was literally the cause of the failure... and historically, the FTC hasn't made their job easy. They basically get one chance to make their case to the FTC, and if the FTC thinks the company is harassing the customer and wasting their time on a silly excuse, it will instantly smack them down and hit them with a huge fine.

If the manufacturer wanted to use "we had to reflash it via JTAG to stock" as an excuse for denying the claim or imposing a service fee, they'd have to testify that they don't routinely JTAG-reflash to stock as a troubleshooting step anyway.

If they tried to argue that you somehow triggered a condition via software that caused damage (say, setting a pair of directly-connected GPIO pins to outputs, with one high and one low), they'd still be backed up against the wall and told they were idiots for not putting a resistor between them, or at least going out of their way to make it abundantly clear to end users that custom firmware must never, ever do that specific action. In stark contrast to most consumer non-law, the FTC takes consumer rights seriously, and doesn't take crap from companies who try to wave vague disclaimers around and use them as an excuse and blanket license to run roughshod over consumers. The barrier isn't quite insurmountable, but a company that tried to fight it would have an uphill battle, and quickly discover that its usual dirty tricks weren't going to work this time around.

Companies doing dirty tricks with warranty coverage is nothing new. The same things phone manufacturers try to do today, American automakers did to our parents and grandparents openly and proudly, with a dash of extra salt to rub into consumer wounds ~30 years ago.

Magnuson-Moss is a rare gem of consumer-protection law passed by an angry congress fed up with the increasingly-bold abuses of the 3 most powerful companies in America at the time. Apple, Samsung, HTC, and Motorola might be powerful... but they're *nothing* compared to the "Big Three" American automakers circa 1975, and they know it.

Unfortunately, it's NOT against the law for a company to blatantly lie about its legal responsibilities, so companies can say anything and put all the restrictive text they want to put in their warranty descriptions. You just have to know that when push comes to shove, all you have to do is whisper the magic phrase "Magnuson-Moss" to get your complaint *instantly* escalated to the most senior manager on site and get total white-glove treatment and profuse apologies for the "misunderstanding" (inevitably blamed on the tier-1 support staff, who were just doing what the script told them to do).

That's what backups are for

[na1led]

You're more likely to drop the phone in the toilet then getting hacked. Besides, I'm sure Samsung will release a patch soon, so no need to run to the Apple store!

Tested it on my phone, didn't work

[Lebrun]

Galaxy S2 w/ ICS 4.0.3 here. It doesn't work on my phone.

The problem can be avoided by using another dialer

[fluor2]

Luckily Android can be very customized and thus we can work around this.

This can be blocked if you use an alternative Dialer App.
E.g. Exdialer (free).

Read the XDA thread where they investigate.

"The best solution i see at the moment is to install another dialer - when you navigate to malicious page android will display "choose dialer" dialog before doing anything, and you can cancel the operation by pressing back button. Just don't check "default" checkbox." (Source).

Of course, a confirmation dialogue should have been shown for *any* USSD codes.

To be honest, I still find it crazy that anybody can borrow a Samsung-phone and press *2767*3855# on the dialer and it would wipe it. This will probably not be fixed even if Samsung patches the dialer.