Samsung Smartphones Vulnerable To Remote Wipe Hack

DavidGilbert99 writes "Security researchers have discovered a single line of code embedded in websites which could wipe all data from your Samsung Galaxy S3 and other smartphones. Samsung smartphones including the Galaxy S3, Galaxy S2, Galaxy Ace, Galaxy Beam and Galaxy S Advance all appear to be affected by the bug which triggers a factory reset on your phone if your web browser is pointed to a particular website. Smartphones can also be directed to the code through NFC or using a QR code. Once the process has been initiated, users are have no way of stopping it. The hack was unveiled at the Ekoparty 2012 security conference in Argentina by Ravi Borgaonkar, a security researcher at the Security in Communications department at Technical University Berlin. ... Only Samsung smartphones running the company's proprietary TouchWiz user interface appear to be affected. According to telecoms engineer Pau Oliva, the Samsung Galaxy Nexus is not affected, as it runs on stock Android and doesn't use the TouchWiz skin on top." Hit the link above for a video demonstration.

Manufacturer's Android

[morcego]

People still use the manufacturer's version of Android ? (Any manufacturer, not only Samsung).

It is bloated, slow, full of useless crap.

The first thing I do on any new android phone that lands in my hands is to replace the firmware with something less full of )(@#*)(#$.

Re:Manufacturer's Android

[DCstewieG]

Some people might not like voiding their warranty the day they buy their phone.

Re:Manufacturer's Android

[Scott64]

I don't think he's talking about that. That's not full of crap from the manufacturer (Samsung). The Nexus devices are free of all of that crap.

The S III I bought recently got the root/CWM/AOKP treatment within the first couple hours of ownership (as soon as the kids went to bed).

Re:Manufacturer's Android

[admdrew]

[Android is] the PC reincarnated into a mobile device

Correct. Yay freedom!

Re:Manufacturer's Android

Because "quite nice" is not exactly what you want your smart phone to be. Try "amazing" like iPhone.

Amazing? You have an iPhone..... don't your type usually say "FABULOUS!"

Re:Manufacturer's Android

[kelemvor4]

Because "quite nice" is not exactly what you want your smart phone to be. Try "amazing" like iPhone.

Sounds like apple fanboy talk to me. A smartphone is a smartphone, the amazing should have worn off shortly after you got your first one regardless of the model.

Re:Manufacturer's Android

[Samalie]

Because this is what the average person does when they buy a driod?

You have to realize...the greatest strength of Andriod is also its greatest failing. Sure, you CAN load a custom firmware...but outside of the tech circles, who the fuck actually DOES it?

Re:Manufacturer's Android

[wonkey_monkey]

People still use the manufacturer's version of Android ? The first thing I do on any new android phone that lands in my hands is to replace the firmware with something less full of )(@#*)(#$.

I hate to break it to you, but you are not representative of "people" when it comes to this sort of thing. Most people a) are perfectly happy with everything their phone does when it comes out of the box, b) don't even know they can reflash their phone and c) wouldn't have the first clue how to go about it if they did.

Re:Manufacturer's Android

[RMingin]

Good timing, I switched my T-Mo Galaxy S2 over from a customized version of their stock rom to Cyanogenmod this morning, since I have my VoIP/Wifi calling solution tested to my satisfaction. The integrated/zero setup Wifi calling that T-Mobile offers was the one compelling feature of Touchwiz for me.

I seriously think that T-Mo should investigate moving Wifi calling back out into a standalone APK like it used to be. There are lots of folks like me who like the idea but prefer to have a non-T-Mo handset to use it with, but still on T-Mobile's network, which AFAICT should be the primary product.

Re:Manufacturer's Android

[jo_ham]

Everyone who uses a computer with a network interface uses a MAC.

Re:Manufacturer's Android

[nogginthenog]

I use PPP you insensitive clod!

Re:Manufacturer's Android

[Miamicanes]

Some people might not like voiding their warranty the day they buy their phone.

Which is why we all make a nandroid backup before flashing a new firmware.

> Some people might not like voiding their warranty the day they buy their phone.

Manufacturers can lie about warranty-invalidation until they're blue in the face. The Magnuson-Moss Warranty Act ( http://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act ) is a potent weapon that no manufacturer, not even Apple in their most arrogant AT&T-exclusive hissy fit, would dare to push back against because the FTC will smack them down and make a total example out of them.

Under Magnuson-Moss, a manufacturer can only deny warranty coverage if they can demonstrate that whatever the consumer did was literally the cause of the failure... and historically, the FTC hasn't made their job easy. They basically get one chance to make their case to the FTC, and if the FTC thinks the company is harassing the customer and wasting their time on a silly excuse, it will instantly smack them down and hit them with a huge fine.

If the manufacturer wanted to use "we had to reflash it via JTAG to stock" as an excuse for denying the claim or imposing a service fee, they'd have to testify that they don't routinely JTAG-reflash to stock as a troubleshooting step anyway.

If they tried to argue that you somehow triggered a condition via software that caused damage (say, setting a pair of directly-connected GPIO pins to outputs, with one high and one low), they'd still be backed up against the wall and told they were idiots for not putting a resistor between them, or at least going out of their way to make it abundantly clear to end users that custom firmware must never, ever do that specific action. In stark contrast to most consumer non-law, the FTC takes consumer rights seriously, and doesn't take crap from companies who try to wave vague disclaimers around and use them as an excuse and blanket license to run roughshod over consumers. The barrier isn't quite insurmountable, but a company that tried to fight it would have an uphill battle, and quickly discover that its usual dirty tricks weren't going to work this time around.

Companies doing dirty tricks with warranty coverage is nothing new. The same things phone manufacturers try to do today, American automakers did to our parents and grandparents openly and proudly, with a dash of extra salt to rub into consumer wounds ~30 years ago.

Magnuson-Moss is a rare gem of consumer-protection law passed by an angry congress fed up with the increasingly-bold abuses of the 3 most powerful companies in America at the time. Apple, Samsung, HTC, and Motorola might be powerful... but they're *nothing* compared to the "Big Three" American automakers circa 1975, and they know it.

Unfortunately, it's NOT against the law for a company to blatantly lie about its legal responsibilities, so companies can say anything and put all the restrictive text they want to put in their warranty descriptions. You just have to know that when push comes to shove, all you have to do is whisper the magic phrase "Magnuson-Moss" to get your complaint *instantly* escalated to the most senior manager on site and get total white-glove treatment and profuse apologies for the "misunderstanding" (inevitably blamed on the tier-1 support staff, who were just doing what the script told them to do).

Re:Manufacturer's Android

[Golddess]

I don't even let my dog have a phone.

And I thought humans were the only animal to enslave their own kind.

(Note to others, check poster's name)

Re:Manufacturer's Android

[BasilBrush]

Correct. Yay freedom!

The freedom to buy a machine loaded with crapware, and then spend time getting it to a fit state to use. Yes, Android sounds very much like the PC platform.

"Hit the link above for a video demonstration"

[Biff98]

Nukes your phone.

Re:"Hit the link above for a video demonstration"

[Cinder6]

If that's what the link did, it would probably be the most impressive troll I've personally seen.

That's what backups are for

[na1led]

You're more likely to drop the phone in the toilet then getting hacked. Besides, I'm sure Samsung will release a patch soon, so no need to run to the Apple store!

Re:That's what backups are for

[Mordaximus]

You're more likely to drop the phone in the toilet then getting hacked.

I doubt you'll get hacked after having dropped it in the toilet, and if you do you have some rather unfortunate luck.

Re:That's what backups are for

Release the patch soon!? Obviously, you've never tried updating an android phone :D

Re:That's what backups are for

[ThatsMyNick]

Mod Up! Carriers have no motivation to send ROM upgrades. Even if samsung makes them available, I am pretty sure the carriers would never find it worth the airtime to send you the upgrade.

Here comes the lawsuits!

[Smidge204]

You'd have thought Samsung would learn their lesson already. Don't they know that Apple patented remote data wipe technology years ago?

=Smidge=

Link Warning

[microcars]

has dueling auto-play videos that have nothing to do with subject. so turn down yer volume.

Tested it on my phone, didn't work

[Lebrun]

Galaxy S2 w/ ICS 4.0.3 here. It doesn't work on my phone.

The problem can be avoided by using another dialer

[fluor2]

Luckily Android can be very customized and thus we can work around this.

This can be blocked if you use an alternative Dialer App.
E.g. Exdialer (free).

Read the XDA thread where they investigate.

"The best solution i see at the moment is to install another dialer - when you navigate to malicious page android will display "choose dialer" dialog before doing anything, and you can cancel the operation by pressing back button. Just don't check "default" checkbox." (Source).

Of course, a confirmation dialogue should have been shown for *any* USSD codes.

To be honest, I still find it crazy that anybody can borrow a Samsung-phone and press *2767*3855# on the dialer and it would wipe it. This will probably not be fixed even if Samsung patches the dialer.

What the hell, ibtimes.co.uk?

[wonkey_monkey]

Two autoplaying video streams with audio? Yeah, that was a good idea.

This was already fixed

[Emetophobe]

Most Galaxy S III Devices Are Not Vulnerable To USSD Wiping Exploit: It Was Already Fixed In An Update

Re:The problem can be avoided by using another dia

[Emetophobe]

I mentioned this in another post, but the exploit was already patched a few weeks ago. Source.

Re:You have the same freedom on an iPhone

[admdrew]

To each their own. Enjoy those maps!

It is analogous

[SuperKendall]

You seem to think that jailbreaking to load Cydia and some pirated apps is somehow analogous to being able to reload the device with 100% open-source software from the ground up...

Why is it not? After jailbreaking you can change anything on the OS. There's no need to reload the whole thing (although that too is possible) when you can instead change any aspect of the way the system behaves.

Cydia is all about modification of system and third party apps, plus applications that Apple would not approve. And you can side-load from anywhere else.

It's exactly analogous, because for most people jailbreaking is about the freedom to change the system, just as re-loading the OS accomplishes the same thing on Android.

One way to note that it's the same, is that after jailbreaking you can load newer versions of Apple's OS on older devices APple does not support - exactly like on Android using other builds to load newer versions of Android on devices the carriers are not supporting.

Not a Touchwiz- or Samsung-specific problem

[Swampash]

Exploit works on non-Samsung phones too.

https://dylanreeve.posterous.com/remote-ussd-attack-its-not-just-samsung