A newly discovered bug in Samsung's TouchWiz UI on Android has been shown to make the device vulnerable to remote SIM-locking and even data wiping, all with a single line of malicious code. According to online reports, an attacker could use a Web page, an SMS, an NFC Android Beam connection, or even a QR code to execute the attack, and unsuspecting users will soon find their devices undergoing the factory reset process without any warning whatsoever. The problem has been shown to affect a number of Samsung Galaxy handsets including the Galaxy S II and Galaxy S III.
Update: A statement obtained by Slashgear from Samsung confirms that the TouchWiz vulnerability has already been eliminated by way of a software update.
What Else You Need To Know
- In a video demonstration of the TouchWiz UI exploit, the device used is running Android 4.0 Ice Cream Sandwich.
The only advice we have is don’t install any fishy-looking applications, click any weird HTML links, scan random QR codes, or touch NFC tags that you haven’t set up yourself until we hear more word.- Eric, Droid-Life
- The Next Web
Possible flaw in Samsung’s TouchWiz UI leaves smartphones open to data-wiping, SIM locks and more
The flaw was discovered by Ravi Borgaonkar and was shown off at the Ekoparty security conference, which showed that a simple piece of code with the correct dialer instructions could be pushed to a vulnerable handset.
'Dirty USSD' code could automatically wipe your Samsung TouchWiz device
It was demonstrated at the Ekoparty security conference last weekend, during which time presenter Ravi Borgaonkar also showed how a different code could even wipe your SIM card.
- Phone Arena
- Samsung's TouchWiz vulnerable to one-click data wipe or reset attack (video)
Samsung TouchWiz vulnerability will wipe some phones after just clicking a link
The latter is really the issue here: Samsung's software changes atop stock Android are allowing the GS II to automatically dial the hard reset code, taking away a critical aspect of user control.
- Samsung TouchWiz vulnerability will wipe some phones after just clicking a link
TouchWiz exploit discovered; devices can be wiped with a single line of HTML code
Today it has been discovered that some Samsung TouchWiz-running devices can be wiped with a single line of HTML code without confirmation.
- Some Samsung TouchWiz phones said to be open to flaw that could cause a data wipe [UPDATED]
- Mobile Syrup
- Some TouchWIZ-based Samsung phones vulnerable to data wiping through simple HTML code hack
- Mobile Burn
- Samsung Touchwiz phones can be wiped through the web due to major security vulnerability
- Mobile Crunch
- Got TouchWiz? Some Samsung Smartphones Can Be Totally Wiped By Clicking A Link
Hack identified that makes TouchWiz vulernable to a remote data wipe
This code, security researchers have discovered, has the potential for malicious websites to wipe out users’ phones with no ability to prevent it.
- Android Police
- New Exploit Could Force Factory Reset On Many Samsung Phones Running TouchWiz
- Droid Life
- TouchWiz Has a Major Security Flaw that Allows Factory Resets With Just One Click
- Galaxy S III And Other TouchWIZ Phones Can Be Easily Hard Reset Via The Web Browser
- TouchWiz vulnerability could allow websites to factory reset your phone
- TouchWiz Exploit Spreads Fear Of Remote Device Wiping; Should You Worry?
- TouchWiz Exploit Can Reset A Device Just By Visiting A Website
- OS News
- TouchWiz exploit factory resets some Samsung phones
New exploit puts Samsung TouchWiz devices at risk. Yes that means the Galaxy S II and S III
It has been a while since we have seen any exploits that were malicious.