Samsung fixes Galaxy S3 bug, researchers offer fix for other phones
Posted on 27 September 2012.
Given the amount of information we all keep on our smartphones, it's no wonder that the recently demonstrated Samsung Galaxy S3 remote data-wipe hack has ruffled quite a few feathers.

Reports that Galaxy S2, Galaxy Beam, S Advance, and Galaxy Ace are also vulnerable have been popping up.

The reset to the factory settings and complete wipe of the contents is achieved via a simple USSD (Unstructured Supplementary Service Data) code delivered to the device via a specially crafted webpage or QR code, pushed by NFC, or even via a remotely triggered call to the specially crafted webpage via WAP push messages.

Samsung pushed out a fix for the Galaxy S3 phones yesterday, but there is still no news on when the fixes for the other phones will be made available.

In the meantime, two researchers have created applications that deflect the attack. Collin Mulliner, a researcher with Boston's Northeastern University's SECLAB, has offered the TelStop app, and Joerg Voss has developed and published NoTelURL - both of which install an additional TEL URL handler, pop up a warning when the user is faced with a TEL link and then ask whether he wants to follow it.

Users who want to know whether their phone is vulnerable to the attack can surf to a "USSD Check" page set up by H-Online, which has embedded a command that asks the phone to display its serial number (IMEI). If it does so without asking for permission, the phone can be remotely wiped without the user's consent.
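As an added illustration (not code from TelStop, NoTelURL or H-Online), the Python check below separates ordinary tel: numbers from USSD/MMI codes in a page and records whether the page loads them without a tap. The sample HTML is constructed, the function names and the block/warn/allow policy are assumptions, and `*#06#` is the standard code that displays the IMEI.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: tag/attribute pairs a browser loads without any user tap.
AUTO_LOAD = {("iframe", "src"), ("frame", "src")}

def classify_tel(uri):
    """Return 'not-tel', 'number' or 'ussd' for one URI string."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "not-tel"
    # Drop tel: parameters (;phone-context=...), then decode %2A and %23.
    subscriber = unquote(rest.split(";", 1)[0])
    # '*' and '#' mark USSD/MMI service codes; plain numbers never need them.
    return "ussd" if ("*" in subscriber or "#" in subscriber) else "number"

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (tag, attribute, kind, auto_triggered)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            kind = classify_tel(value or "")
            if name in ("href", "src") and kind != "not-tel":
                self.findings.append((tag, name, kind, (tag, name) in AUTO_LOAD))

def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def verdict(html):
    """Hypothetical policy: block auto-loaded USSD, warn on linked USSD."""
    findings = scan(html)
    if any(kind == "ussd" and auto for _, _, kind, auto in findings):
        return "block"
    if any(kind == "ussd" for _, _, kind, _ in findings):
        return "warn"
    return "allow"

# Constructed sample page: a normal number, a linked code, an auto-loaded code.
SAMPLE = """<html><body>
<a href="tel:+1-555-0100">Call us</a>
<a href="TEL:*%2306%23">Show IMEI</a>
<iframe src="tel:*%2306%23"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(scan(SAMPLE), verdict(SAMPLE))
```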

