Samsung Galaxy S3 bug: other Android handsets at risk, researcher says

The security researcher who disclosed a Samsung Galaxy S III flaw that could trigger an unwanted reset has said other handsets could be susceptible to the problem, including the HTC One Series and Motorola Droids.
Written by Ben Woods, Contributor

A number of Android smartphones could be vulnerable to a bug that lets outsiders remotely tamper with the device, according to the security researcher who demonstrated a factory reset exploit on the Samsung Galaxy S3.

An exploit affecting the Samsung S3 can cause a complete factory reset. Image: Jessica Dolcourt/CNET

Ravi Borgaonker said the HTC One Series, Sensation, Sensation XL, Sony Ericsson's Xperia series, some Motorola Droids, the Samsung Galaxy S series and "possibly others" could all be vulnerable to remote wipe or permanent destruction of the SIM card — if they haven't been updated since June.

"[The] vulnerability is in the Android dialer, so one can exploit it using a malicious link, or write a malicious app that can invoke TEL intent to execute USSD codes," Borgoanker noted on Friday.

Borgaonker said that the Android Security group was informed of the exploit in June and began the process of patching it one week later, so handsets that haven't been updated since that time should be the only ones still vulnerable.

As with the previous case, the problem lies in the way the phones handle some USSD codes (Unstructured Supplementary Service Data). These are generally used by network operators to perform operations such as topping up credit or to deliver one-use passwords or PIN codes; they can also be used to configure the phone. 

However, Borgoanker said that some special USSD codes do not need the phone user to take action to invoke certain functions. Others can, with one click, "kill the SIM card permanently" within four seconds.

He added that all Android devices running Android 2.3.x (Gingerbread), 3.x (Honeycomb), 4.0.x (Ice Cream Sandwich) and 4.1.x (Jelly Bean) are vulnerable to this flaw if they had not been updated since June.

However, he added that only Samsung devices that haven't been updated are vulnerable to being remotely wiped to a factory reset status, as opposed to a permanent wipe of the SIM card.

Earlier this week, Samsung said it has already fixed the bug in the Galaxy S III, but it has not clarified whether other handsets are still vulnerable.

On Friday, HTC too said its handsets have been taken care of.

“We are aware of the potential USSD vulnerability that's been reported and had already taken measures to address this issue on our devices  prior to the public disclosure of this vulnerability," the company said. "While our devices do not support a USSD code to factory reset option, we always recommend that customers avoid modifying or rooting their device in order to preserve the device security measures in place."

Android-backer Google had not responded to a request for comment at the time of writing.

Editorial standards