/>
X

Samsung Galaxy S3 'vulnerable' to remote malicious reset

A single line of code embedded in a web page can be used to trigger a remote factory reset of some Samsung smartphones, including the Galaxy SIII and SII, a researcher has claimed.
ben-woods.jpg
Written by Ben Woods, Senior reporter on

Owners of Samsung Galaxy SII and SIII smartphones may want to take care when opening web links received via QR, NFC or push messages, after a security researcher showed that the handsets are potentially vulnerable to being remotely wiped.

Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, demonstrated the weakness at the Ekoparty security conference in Argentina last week.

According to Borgaonkar, the way the Galaxy SIII uses Unstructured Supplementary Service Data leaves it wide open to exploitation via a single line of malicious code embedded in a web page. Unstructured Supplementary Service Data, or USSD, is used to send messages between a phone and an application server.

The code can be used to trigger the reset for a Galaxy SIII, according to Twitter user @pof. Embedding it in a simple frame will automatically trigger a non-user initiated factory reset of the device, he added.

However, simply browsing a website with the code embedded will not trigger the reset, but opening a message via QR, NFC or WAP Push SMS will. When the website link opens, it starts the wipe.

In the demonstration video above, taken during the Ekoparty security conference, Borgaonkar said that the vulnerability can be mitigated by switching off Samsung's 'Service Loading' feature.

Samsung had not responded to a request for comment at the time of writing.

Related

Delta Air Lines just made an embarrassing announcement (you may be livid)
screen-shot-2022-06-22-at-3-50-54-pm.png

Delta Air Lines just made an embarrassing announcement (you may be livid)

Business
US weather, climate forecasting is about to get way better
screen-shot-2017-09-07-at-1.jpg

US weather, climate forecasting is about to get way better

Innovation
On July 12, we'll see the universe like never before
51656393132-ca88bc21e3-k

On July 12, we'll see the universe like never before

Space