• Hey Guest. Check out your NeoGAF Wrapped 2025 results here!

Major Samsung Galaxy TouchWiz hard resets exploit out.

Status
Not open for further replies.

rezuth

Member
http://9to5google.com/2012/09/25/ma...d-resets-a-device-by-just-visiting-a-website/

http://www.youtube.com/watch?v=Q2-0B04HPhs


A phone dialer code can hard reset a Galaxy S2, S3, and a bunch of minor devices that use Samsung’s TouchWiz overlay. The idea is that the operator could enter it on the keypad manually to hard reset all of the data. However, it was discovered last month that an SMS could carry the number and reset the device (video above). Now, it seems some folks have tried embedding the call function in a web frame with those numbers. They were able to reset the Samsung Galaxy devices just by having the device visit a website.

Devices without Samsung’s TouchWiz overlay, like the Galaxy Nexus or Nexus S, are not susceptible. Clearly, this is something Samsung needs to address in an update soon. Like TouchWiz was not bad enough already.

Terrifying that just clicking this link can wipe your Samsung phone: tinyurl.com/dx5mqr8 ; for science, I will try it on the Galaxy Nexus

Just a heads up.
'
Edit:
http://www.androidpolice.com/2012/0...ng-exploit-it-was-already-fixed-in-an-update/
There has been a lot of misinformation floating around this morning about an alleged "exploit" on Samsung phones that allows the entire device to be wiped from the browser using what's called a USSD code. Basically, a bit of Android intent code cleverly placed in a web page can call up your dialer and insert a code that wipes the whole device (the USSD code), all without you ever confirming anything.
Unfortunately, everyone (ourselves included) kind of jumped the gun on this without consulting the experts first, and things are more complicated than we thought. Some outlets are reporting that this glitch affects the Samsung Galaxy S III (such as the AT&T version here in the US), but our own evidence suggests otherwise. Here's a stock AT&T Galaxy S III on the latest OTA update (issued last week) initiating the exploit - it doesn't work. It just goes to a blank dialer.


What we do know is that every variant of the Galaxy S III in the United States received very similar OTA updates in the last few weeks (see: Verizon, T-Mobile, Sprint, AT&T). And if the exploit isn't working in the most recent AT&T OTA, it's probably fair to assume the same fixes were contained in all three other carriers' updates. So, if your GS3 is up to date, you're probably not vulnerable.
 
Posted in like 3 threads already and it's confirmed that it hasn't been working for weeks, if not months now (AT&T, Canadian, and International for sure)
 
1) not a TouchWiz exploit

2) WORSE

This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time.

http://www.androidpolice.com/2012/0...eset-on-many-samsung-phones-running-touchwiz/








3) ALSO! FUCK VERIZON!!!

Our Verizon Galaxy S3 was not reset by the malicious code embedded in a web page, though we were able to trigger a reset using similar code tied to a hyperlink. Mobile dev Justin Case tells us the issue is fixed in the latest AT&T and international Galaxy S3 firmwares, though devices that have not been updated may remain vulnerable. Others have reported that devices like the Galaxy Ace and Galaxy Beam are also affected. As far as we can tell, though, the bug does not affect Samsung phones running stock Android, like the Galaxy Nexus.

http://www.androidcentral.com/major...hones-could-trigger-factory-reset-web-browser
 
Does not work on International (UK) official rom for S3, just tested. Looks like Samsung must have fixed it in an earlier update.
 

image.php
 
Yea I am terrified.... Considering its already fixed and all.

but that NFC exploit! imagine if your phone is not asleep, is unlocked, NFC is on, auto-open is on, you have that vulnerable version of that office documents app, and you pass with 3cm of another device giving off the exploit!

it could happen!
 
This is how I feel when people talk about Mac viruses.

But it's not the same. Macs can get viruses fairly easily these days (I guess increased popularity is to blame?). I've had issues with mine like I have had with any of my computers or laptops. Happens at a slower pace on Macs but is usually harder to sort out barring a re-boot and fresh install of OSX.
 
What about S2's though? My mum literally just got one the other day, she'd be a little unhappy if she ran into this and it reset her phone and lost all her contacts...
 
a bit of hyperbole, wouldn't you say?

In the last 5 years I've owned and used one PC, 2 windows laptops and 2 Macbook Pros. Guess which of them got more viruses? I say viruses but I think malware would be more accurate. Though in fairness I did have Kaspersky on my Windows systems. I didn't on the Macs as I read virus software could actually be detrimental on OSX.
 
But it's not the same. Macs can get viruses fairly easily these days (I guess increased popularity is to blame?). I've had issues with mine like I have had with any of my computers or laptops. Happens at a slower pace on Macs but is usually harder to sort out barring a re-boot and fresh install of OSX.

earlier this year maybe, but not recently. they've pretty much wiped out the Mac exploits...
 
From the subject in the OP to Mac viruses in under 40 posts. Nicely done!

I expect we'll see more of this kinda thing in the future. Norton for Android incoming.
 
isn't there a VLC for Mac? why worry about random codecs?

VLC is my go to, but there was a bunch of vids that used some new form of DivX or something. Googled it and some codec pack was recommended but it really messed up my Mac. Slowed everything down, messed up my browsers and even my Quick time too. Wasn't able to sort it without a clean re boot.

Going to be more annoying if something similar ever happens on my retina since they didn't include the OS on a DVD...
 
USSD Vulnerability Test - http://www.androidcentral.com/ussd-test

see if you're vulnerable without factory restoring your phone.




From the subject in the OP to Mac viruses in under 40 posts. Nicely done!

I expect we'll see more of this kinda thing in the future. Norton for Android incoming.

https://play.google.com/store/apps/details?id=com.symantec.mobilesecurity&hl=en




Perhaps you should look at who brought it up in the first place

lets not bring facts into this.




VLC is my go to, but there was a bunch of vids that used some new form of DivX or something. Googled it and some codec pack was recommended but it really messed up my Mac. Slowed everything down, messed up my browsers and even my Quick time too. Wasn't able to sort it without a clean re boot.

Going to be more annoying if something similar ever happens on my retina since they didn't include the OS on a DVD...

but it's VLC, it should just work...
 
Status
Not open for further replies.
Top Bottom