A potentially damaging remote data wipe hack issue has been discovered on the Samsung Galaxy S III smartphone, that requires only a single line of code to trigger a complete wipe of the device.
Once executed, the single line of code on the Samsung Galaxy S III smartphone will trigger an unstoppable factory-reset, wiping everything from the phone, without the user’s consent. Watch the video after the jump to see it in action.
Details of the Vulnerability
The issue on the Galaxy S III was discovered by Ravi Borgaonkar, who showed the details of the potential malicious hack at the Ekoparty security conference. Using a simple USSD code, which could be sent to the phone from a website, or pushed via NFC or a QR code, the device could be reset without the owner’s permission. This vulnerability is particularly concerning because it can be exploited so easily and without any interaction from the user.
USSD (Unstructured Supplementary Service Data) codes are typically used for network communication and can be used to trigger various functions on a phone. In this case, the code triggers a factory reset, which wipes all data, including contacts, photos, apps, and personal settings. The fact that this can be done remotely and without warning makes it a severe security flaw.
Impact on Other Devices
After further investigation, it now looks like the code will also work on other Samsung devices, including the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II. However, the Galaxy Nexus is not susceptible to the code running. This broad range of affected devices indicates that the vulnerability is not limited to a single model but could potentially impact millions of users worldwide.
The implications of such a vulnerability are significant. For instance, malicious actors could embed the USSD code in a website or a QR code, and unsuspecting users who visit the site or scan the code could have their devices wiped without any warning. This could lead to loss of important data and significant inconvenience for users.
Samsung has been made aware of the issue and is expected to release a patch to fix the vulnerability. In the meantime, users are advised to be cautious about visiting unknown websites and scanning QR codes from untrusted sources. Additionally, users can disable the automatic execution of USSD codes by installing a security app that intercepts such codes.
This incident highlights the importance of regular software updates and security patches. Manufacturers and developers must remain vigilant in identifying and addressing vulnerabilities to protect users from potential threats. It also underscores the need for users to stay informed about security issues and take proactive steps to safeguard their devices.
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.