Flaw in Samsung’s ‘TouchWiz’ UI leaves devices open to data-wiping

“A bug in the way Samsung’s TouchWiz UI interacts with USSD codes on Android smartphones may allow an attacker to perform a factory reset on susceptible devices, simply by embedding a link on a website or sending an SMS,” Matt Brian reports for TNW.

“An attacker could load the code in a website, SMS, an NFC Android Beam connection or via a QR code, have the user either visit the link or click it on their smartphone and it is possible to completely wipe the device without warning or giving the user the chance to stop it,” Brian reports.

Brian reports, “So far the following devices have been reportedly been confirmed to be affected: Galaxy S Advance; Galaxy S II (video); Galaxy S III; Galaxy Ace; Galaxy Beam.”

Read more in the full article here.

MacDailyNews Take: “Open.”

[Thanks to MacDailyNews Reader “David G.” for the heads up.]

26 Comments

  1. Of course it’s easy to gloat over this bug. However there are some far more serious issues in play here.

    First, this bug is in the “value” add layer that samsung added not in the base level of android. This highlights that serious bugs are not just in the core os, all these handsets are shipping with derived oses.

    Second, how long are users of effected handsets going to wait for updates to fix the issue. I wouldn’t want to wait for samsang and the carriers to push the update, given their glacial speed of regular updates. Also are all affected handsets going to get a patch or just the recent ones that samsung cares about.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.