Samsung TouchWiz Devices Vulnerable to Mischief

Saw this tweet yesterday on Twitter:


The account is a parody… but the “tel:*2767*3855%23” is quite serious.

It’s a reference to a “vulnerability” which exists on some versions of Samsung Android phones, those running Samsung’s TouchWiz UI. (So, not Nexus.) And by vulnerability, we mean that some “genius” developed a feature to factory hard reset TouchWiz devices using an Unstructured Supplementary Service Data (USSD) code — without requiring a prompt from the user!

As such, there are numerous ways in which a device could be remotely targeted and prompted to run service commands.

The vulnerability was demonstrated by Ravi Borgaonkar last weekend at the Ekoparty security conference, which you can see here.

The good news is that Borgaonkar informed Samsung in June. Current versions of Galaxy S III firmware should not be vulnerable.

Remote wipe via iframe USSD trigger

Also good news: remote factory hard resets don’t exactly have a profit motive. So this isn’t something anybody will likely ever see in the wild. But still, if you have a Samsung running TouchWiz, make sure you update to the latest firmware.

Also, other vendor’s phones could be subject to similar issues. One workaround to consider is a third-party dialer app.

On 26/09/12 At 11:58 AM

Read more: Samsung TouchWiz Devices Vulnerable to Mischief

Story added 26. September 2012, content source with full text you can find at link above.