Samsung Android TouchWiz handsets susceptible to remote data-wipe attack

Security researchers have detailed a remote data-wipe attack that can be carried out on some of Samsung’s Android TouchWiz range, including the SGS3, using a single line of code. The vulnerability only seems to apply to handsets that run TouchWiz, not Android handsets in general. For instance, the code has been found to work on the Galaxy S III, Galaxy Beam, S Advance, Galaxy Ace and Galaxy S II, but not the Samsung Galaxy Nexus, which runs stock Android.

The hack was detailed by Ravi Borgaonkar at the Ekoparty security conference, SlashGear reports. Using a single line of USSD code, which could be sent from a website, or pushed to the phone using NFC or a QR code, the attack can reset its target handset with no warning to the user. Once the code has started running, there is no way for the user to stop it and the handset will be wiped. It seems that TouchWiz handsets are vulnerable because they automatically dial the USSD code once it has been entered, whereas stock Android simply holds it in the dialler.

To make things worse, the attack can be doubled up to also kill the SIM card that is being used within the handset. It’s also possible for the handset to be pushed straight to a website running the malicious code using a WAP-push SMS message.

No doubt Samsung will want to address the issue pretty quickly. Given that stock Android is not affected, hopefully it will be a fairly simple update that is needed to fix the problem. As it stands you’ll be unlikely to encounter the threat, but it is advised that you deactivate automatic side-loading in any QR code/NFC reader software that you do run. As always you should be vigilant about opening any unknown links on your handset.

Update: Thanks to Ian for pointing out in the comments that ‘Chrome doesn’t run the USSD code in TEL: links, so changing the default browser to Chrome is probably a good start to avoiding this, at least as a short term workaround.’

See the video below for a demo of ‘Dirty’ USSD codes in action.

Join Our Monthly Newsletter

Sign up to our monthly roundup email to find out about new and forthcoming products, as well as the best bits from the Clove Blog

About Chris Ward

Better known as 'Wardy', digital media is where his interest lies. Responsible for many elements of the Clove website and external advertising activities, Wardy is our interactive media graduate.

Always chilled out, there is never a time when you see 'Wardy' stressed. A keen music follower, he knows his DJ's and how to mix a few tracks together. Always eating, he remains stick thin and is the envy of the rest of us! A very deep character, there are some suprising twists to what Wardy knows and you'll never meet a nicer bloke if you tried!

Comments

  1. Worrying! It’s been pointed out that Chrome doesn’t run the USSD code in TEL: links, so changing the default browser to Chrome is probably a good start to avoiding this, at least as a short term workaround.

  2. There has been some experimentation around this issue over on xda, and it seems that Samsung have been aware of this for a few months, and current S3 firmware was patched some months ago to remove this vulnerability, so as long as folk have kept their S3′s up to date, they should be OK. Still seems an issue an other devices though, curiously including HTC’s Hero, so this probably isn’t exclusive to Touchwiz…

    • Ah rite OK. I’m surprised it hasn’t made the headlines a bit sooner given that Samsung has known for a while! Interesting that the Hero is also affected – I guess it could affect any version of Android with a custom skin, or possibly older versions of stock Android as well.

  3. i can’t recieve mms messages. when one is sent to me it will say the sender’s name and details e.t.c but won’t show the picture message, just says downloading but never changes from that?? how do i retrieve the message i’ve been sent?

    • Cobie, you need to check that you have the MMS settings set correctly in the phone. Have you checked that these are correct?

      • i don’t know how to set it. if i can get facebook, internet, e.t.c on my phone then shouldn’t i be able to recieve picture messages also?

        • Yes and no. You can go into settings on the phone and change the settings. Best speak to your network provider and ask them to message you with the settings, this is the easiest solution.