It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
'Dirty USSD' code could automatically wipe your Samsung TouchWiz device 'Dirty USSD' code could automatically wipe your Samsung TouchWiz device
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


'Dirty USSD' code could automatically wipe your Samsung TouchWiz device
Reply
 
Thread Tools
Old 26th September 2012, 07:13   #1
[M] Reviewer
 
Stefan Mileschin's Avatar
 
Join Date: May 2010
Location: Romania
Posts: 88,854
Stefan Mileschin Freshly Registered
Default 'Dirty USSD' code could automatically wipe your Samsung TouchWiz device

The Factory Reset. One of those last ditch efforts that many of us have a fair bit of experience with. However, a malicious embed code could potentially do the exact same thing to your Galaxy S III. The Unstructured Supplementary Service Data (USSD) code (which we won't reproduce here) apparently only works on Samsung phones running Touchwiz, and only if you are directed to the dodgy destination while inside the stock browser (rather than Chrome, for example). This means the Galaxy Nexus is unaffected, but it can work the same dark magic on the likes of the Galaxy S II.

We've been trying to murder a (UK-based) GS III here at Engadget, but with no luck as yet -- we can cause the malicious digits to appear in the dialer, but we can't force the stock browser to visit them as a URL, even when trying a bit of URL forwarding and QR code trickery. However, this particular GS III has been rooted in the past, even though it's now running an official TouchWiz ROM, and that may be interfering with the process.

Aside from our own experiences, the evidence for the vulnerability is certainly strong. It was demonstrated at the Ekoparty security conference last weekend, during which time presenter Ravi Borgaonkar also showed how a different code could even wipe your SIM card. See the video after the break for the evidence.

Update: Tweakers.net has been able to replicate the security hole on a Galaxy S Advance, while The Verge has confirmed that it works on both the Galaxy S II and the AT&T Galaxy S III. Samsung has told us it's looking into the issue.

http://www.engadget.com/2012/09/25/d...ung-hack-wipe/
Stefan Mileschin is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samsung announces ATIV S, a 4.8-inch Windows Phone 8 device Stefan Mileschin WebNews 0 30th August 2012 08:09
X-Cap automatically protects your lens even if you forget Stefan Mileschin WebNews 0 26th July 2012 08:03
Samsung set to reveal next US Galaxy device on August 15th Stefan Mileschin WebNews 0 23rd July 2012 07:39
Samsung spills Galaxy Note's ICS guts, releases kernel source code to devs Stefan Mileschin WebNews 0 24th May 2012 08:41
Samsung Electronics Presents a New Graphene Device Structure Stefan Mileschin WebNews 0 21st May 2012 07:26
Samsung Announces EyeCAN Pointing Device for Disabled Stefan Mileschin WebNews 0 28th February 2012 06:18
Microsoft will Automatically Update Internet Explorer, if You Let it Stefan Mileschin WebNews 0 16th December 2011 06:44
This one is for Faiakes - Dirty PCs jmke WebNews 11 23rd November 2009 16:06
XTrac InstaGlide mouse anti-friction wipe Sidney WebNews 0 28th April 2005 14:42

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 14:16.


Powered by vBulletin® - Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO