Pin It
Pages Menu
Categories Menu

Posted by on Sep 25, 2012 in Hacking, Infosec | 0 comments

Samsung Touch Wiz exploit could reset your smartphone with a click

A Samsung Galaxy SII with Touch Wiz
If you are a Samsung smartphone owner, you are in for a big trouble if  Samsung does not release a fix soon for a recent exploit by which any one can factory reset your mobile with a simple click !
Ravi Shankar a Security researcher in Telecommunications department at Technical University Berlin demoed the USSD code vulnerability in the Samsung Touch Wiz Android skin found in it’s flagship smartphones such as Galaxy S1, SII and the more recent SIII at the ektoparty security conference in Buenos Aires.
He said that, the USSD code to reset Samsung smartphones can be invoked via HTML, QR and NFC and the phone can be factory reset with user intervention. He further added that the url for the malicious site with HTML code could be sent as an sms and still wipe the phone when the link is clicked.
This exploit is confirmed to work on all Galaxy SII models and AT&T version of Galaxy SIII, Ravi mentions in the tweet that the Galaxy SIII vulnerability is not with Touch Wiz but in Android itself.
You can see his tweet below,

@vladsavov Its not TouchWiz issue on S3, its a problem in the Android itself.
— Ravishankar (@raviborgaonkar) September 25, 2012

Pau Oliva, a security researcher has posted a tweet on twitter on how to invoke the USSD vulnerability via HTML,

the USSD code to factory data reset a Galaxy S3 is *2767*3855# can be triggered from browser like this:
— Pau Oliva (@pof) September 25, 2012  (Dutch) has reported that, the exploit works in Galaxy S Advance along with Galaxy SII.
So any one with some basic knowledge of websites or blog could make use of the above code to reset your smartphone. Ravi says, this vulnerability could be avoided if the ‘service loading‘ is switched off in the settings.
So next time when you download untrusted Apps , load QR code or hit a NFC tag from untrusted resource , be aware that you could loose all your data in your smartphone.
The following two tabs change content below.
Indiandragon though Developer, Hacker and Researcher by profession, he aslo writes on Movies, Sports and Entertainment in News@Indiandragon. He specialises in Technology, Defence and Information Security.