Samsung Plugs Android Smartphone Remote Wipe Flaw

From DailyTech: Yesterday, word surfaced that a "feature" meant to make it easier for techs to remotely service Samsung smartphones was actually a massive security flaw. The vulnerability had to do with Samsung's TouchWiz user interface and would allow malicious persons to completely wipe a user's Samsung smartphone, deleting all data stored on the device.

The flaw reportedly affected multiple Samsung smartphones, including the hugely popular Galaxy S II. Unfortunately for owners of these devices, the flaw was relatively easy to exploit and involved sending a simple code -- *2767*3855# -- to the phone dialer to trigger a factory reset on some models.

On other models of Samsung smartphones, the user would have had to hit the call button to trigger the factory reset. The problem was that any malicious website could simply embed the code in an instruction telling the Samsung smartphone to dial a phone number, which initiated the device reset.
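For defenders who filter or audit web content, the following added example (not from the original article) flags dial links whose number contains dialer-code characters. It assumes the links use the standard `tel:` URI scheme and treats any `*` or `#` in the dialed string as suspicious; the function names and sample markup are constructed for illustration, and the sample uses the harmless `*#06#` (show IMEI) code.

```javascript
// Added example: flag tel: URIs in markup whose dialed string contains
// dialer-code characters (* or #) rather than a plain phone number.

// Decode numeric HTML entities such as &#35; or &#x23; inside attribute values.
function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|\d+);/gi, (match, n) => {
    const cp = /^x/i.test(n) ? parseInt(n.slice(1), 16) : parseInt(n, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
  });
}

// Percent-decode, keeping the raw text if the encoding is malformed.
function safePercentDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Return every tel: URI whose decoded target contains * or #.
function findDialerCodeLinks(html) {
  const findings = [];
  const re = /\btel:([^"'\s<>]*)/gi; // \b avoids matching words like "hotel:"
  let m;
  while ((m = re.exec(html)) !== null) {
    const dialed = safePercentDecode(decodeNumericEntities(m[1]));
    if (/[*#]/.test(dialed)) findings.push({ raw: m[0], dialed });
  }
  return findings;
}

// Constructed sample markup: one ordinary number, two encoded dialer codes,
// and a line of prose that must not be flagged.
const SAMPLE_HTML = [
  '<a href="tel:+1-555-0100">Call support</a>',
  '<a href="tel:*%2306%23">Offer</a>',
  '<a href="TEL:%2A&#35;06&#35;">Offer</a>',
  '<p>Our hotel: open daily</p>',
].join("\n");

for (const f of findDialerCodeLinks(SAMPLE_HTML)) {
  console.log(`suspicious dial link: ${f.raw} -> ${f.dialed}`);
}
```

Decoding before matching matters because `#` cannot appear literally in a URI path, so a dialer code in a link is normally percent-encoded or entity-encoded.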

Samsung has patched this security flaw and is urging users to update. Samsung stated:

We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.

The security vulnerability was unveiled at a security conference in Argentina, reports TechCrunch. Ravi Borgaonkar, a security researcher from the Technical University Berlin, demonstrated the vulnerability at the conference.
