“A bug in the way Samsung’s TouchWiz UI interacts with USSD codes on Android smartphones may allow an attacker to perform a factory reset on susceptible devices, simply by embedding a link on a website or sending an SMS,” Matt Brian reports for TNW.
“An attacker could load the code in a website, SMS, an NFC Android Beam connection or via a QR code, have the user either visit the link or click it on their smartphone and it is possible to completely wipe the device without warning or giving the user the chance to stop it,” Brian reports.
Brian reports, “So far the following devices have been reportedly been confirmed to be affected: Galaxy S Advance; Galaxy S II (video); Galaxy S III; Galaxy Ace; Galaxy Beam.”
Read more in the full article here.
MacDailyNews Take: “Open.”
[Thanks to MacDailyNews Reader “David G.” for the heads up.]
Gee Wiz…..
WAY Open.
It would be great if printed QR codes started mysteriously appearing on street corners worldwide.
The label could say, use this QR code to upgrade your Android to “Ice Cream Sandwich”.
Wasn’t that a feature? I’m sure that I saw it on the specs checklist.
/s
iOS doesn’t offer this feature.
Droid does.
Android- you have more choices… Maybe not all is yours.
Oops, as they say in the trade.
Note to Android users, your Android phones just got gang-raped. That’s the $ to pay to be “open”.
Of course it’s easy to gloat over this bug. However there are some far more serious issues in play here.
First, this bug is in the “value” add layer that samsung added not in the base level of android. This highlights that serious bugs are not just in the core os, all these handsets are shipping with derived oses.
Second, how long are users of effected handsets going to wait for updates to fix the issue. I wouldn’t want to wait for samsang and the carriers to push the update, given their glacial speed of regular updates. Also are all affected handsets going to get a patch or just the recent ones that samsung cares about.
+1
I’d like to a copy of that QR code image. I’d make up roll of sticker and plaster every other product package at Best Buy with them.
[People in the Apple line who just saw two Samsung phones touch] – “Wait, what did you just do there?!?!?”
[The Samsung phone owner who came to the Apple line to brag about his phone] – “Oh, that?
Oh nothing, I just gave my friend a virus.”
[People in Apple line] – “How come my phone can’t do that?”
“Open”
As in,
“Fandroids, bend over and spread your cheeks, because your ‘portal of entry’ is … “
Hmmm.
Samsung’s TouchWiz, and Bump-Squirts.
Hmmm.
So all of those people in the Samsung ads who were mocking the iPhone 5 line were actually sharing malware? Coooool!
Just shows what happens when you touch your Wiz you are susceptible to socially transmitted diseases. ;0)
OMG! Great comment – had me laughing for more than a minute!
Why would anyone in the English-speaking world want to have anything to do with something called “Touch-Whiz.” Really gross imagery, there.
I was car-camping across British Columbia. Felt really good to have a shower in Golden.
So you’re saying that nothing has changed since my Samsung Omnia running windows mobile 6 in 2007. I got viruses and woke up to a restored phone and a message telling me “remote factory reset successful”.
Got an iPhone 3GS and never looked back. Now loving the iPhone 5
Samsung TouchWiz just makes you want to go PEE!
Swiss CheeseWiz
Open. As in ‘an open sore’……
What’s the value in this exploit?
Unless you can steal data then I don’t see the traditional criminal element putting a lot of time into it.
. I guess a 14 year old script kiddie might find it fun lol
Only a miner inconvenience if your phone is backed up to iCloud. Oh, wait, yea …