Researcher shows Samsung Galaxy S3 remote data-wipe hack
Posted on 25 September 2012.
At the recently held ekoparty Security conference in Buenos Aires security researcher Ravi Borgaonkar has demonstrated a simple attack that could lead to a remote wiping of some Android-based Samsung smartphones.

The reset to the factory settings and complete wipe of the contents is achieved via a simple USSD (Unstructured Supplementary Service Data) code delivered to the device via a specially crafted webpage or QR code, pushed by NFC, or even via a remotely triggered call to the specially crafted webpage via WAP push messages.

Borgaonkar demonstrated the attack on the Galaxy S3 device, but according to Slashgear, other devices running Samsung's customized version of Android are also affected.

Reports that Galaxy S2, Galaxy Beam, S Advance, and Galaxy Ace are also vulnerable have been popping up, although it also depends where and by whom the devices are sold.

For example, H-Online reports that European Samsung Galaxy S3 running Android 4.0.4 will not automatically run the code from the booby-trapped webpage, but that Galaxy S2 running on Android 2.3.6 or 4.0.3 will.

The problem seems to arise with the presence of TouchWiz user interface, which instead of screening the code first runs it automatically.

To protect themselves from possible attacks until Samsung pushes our a patch, users are advised to be careful which links they follow, and to switch off the automatic site loading in their QR and NFC readers.


The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Jul 28th