Web page code could wipe your Samsung Galaxy S3 in secondsDale Wright
Samsung Galaxy S3, Galaxy S2 and Galaxy S Advance owners are being warned of a serious security problem with their smartphone.
Researchers have found that they can add a special 11-character USSD code to web pages. Once viewed on the Samsung Galaxy S3, Samsung Galaxy S2 or Galaxy S Advance, this code wipes the entire device in seconds – including all the user’s personal data.
According to Techradar, other handsets such as the Beam and Ace could also be susceptible.
USSD codes are normally completely safe. However, it appears Samsung’s programmers have left a major security hole in their latest software which allows dangerous versions of USSD codes to be run automatically.
The effects of the chunk of code were demonstrated by Ravi Borgaonkar, a researcher from Berlin. At a security conference in Argentina yesterday, he showed how this simple 11-character code can be triggered instantly when an unsuspecting user visits a dodgy web page, receives a spam text, scans a QR code or reads an NFC tag. In effect, it’s a factory reset embedded into a simple command.
Apparently there are other codes out there too, but these have not been published as they could cause serious issues with Samsung smartphones. One reportedly has the ability to permanently deactivate customers’ SIM cards.
Samsung’s more recent Galaxy range uses Android together with Samsung’s TouchWiz UI. However, it’s only Samsung devices that are affected by the hack, so users of any other Android device need not worry.
As yet, there’s no evidence that hackers are using the code, but now that it’s available online, programmers may begin to try it out and trick people into clicking links to it. If you’re concerned, don’t click any strange links on Twitter and be careful about the texts you open and the web pages you visit. Some users who tried to wipe their own phones said that the Chrome browser didn’t run the code automatically, so if you’re worried, this might be the safest browser to use on your Samsung smartphone.
Samsung are likely to come up with a software update to remove this vulnerability, but the company hasn’t yet confirmed when this will happen.