Heads up, owners of Samsung Android handsets, because a new security flaw has been discovered that could possibly end up totally wiping your phone. The bug, shown off by Ravi Borgaonkar at the Ekoparty security conference, can apparently be delivered to a device in a USSD code either by a website or via NFC or a QR code. USSD codes are messages created on a phone that are typically used for things like callback services or to check the balance on a pre-paid device. Once the code has been pushed to a vulnerable device, it doesn't appear that there's any way for the user to stop the process. It's also said that the flaw also leaves devices open to having their SIM card killed by a similar method.
So far it's said that only Samsung-made devices running TouchWiz are susceptible to this attack, with phones like the Galaxy S III, Galaxy S II and Galaxy Ace reportedly open to the various forms of the bug. It's thought that Google's Chrome browser doesn't allow for this code to be run, so users of the aforementioned devices may want to consider checking out Chrome if they're currently using Samsung's default browser.
While there have been mixed reports about which devices these codes will actually wipe, it's probably wise for owners of TouchWiz-powered handsets to avoid any links or anything of that nature that they don't trust. Samsung has yet to comment on the situation, but if we hear anything from the company, we'll be sure to update you. Until then, you can view Borgaonkar's demonstration of the bug in the video below.
UPDATE: The Verge says that it's gotten the bug to work on an AT&T Galaxy S III. Meanwhile, Samsung has told the site that it's "looking into" this issue.
UPDATE 2: Our own Taylor Martin has confirmed that this bug also affects the Sprint Galaxy S III.
Via SlashGear, The Next Web
- Log in to post comments