X

Sign in

Sign in to confirm

Have you forgotten your password?

... or login with Facebook:

Don't have an AndroidPIT account yet? Sign up

Single Line of Code Allows Hackers to Remotely Wipe Samsung Phones

Steven Blum
12

Uh-oh. I think Samsung may be facing one of the biggest security loopholes we've ever seen. 

A single line of code has been found to be able to remotely wipe a Samsung Galaxy S3, Galaxy S2 and a number of other Samsung phones, according to security researchers. The USSD code can be sent from a website, pushed to a phone by NFC or triggered by a QR code. Once it's been sent, the phone begins systematically wiping everything on the SD card, and the erasing process cannot be stopped.

While the user can see what's happening to their phone, they cannot stop the process by hitting "back." Moreover, there's no way a user would be able to prevent the wiping from taking place, as a QR reader typiscally loads whatever website has been stored to each code automatically, as does an NFC reader. On Samsung Touchwiz, the default action is to dial the code automatically.

Even more distubring, it seems that a separate USSD code could also be used to kill the SIM card as well, leaving users with a wiped SD card and a broken SIM card to boot. 

So far, the security loophole has been found to affect a number of Samsung phones, including the Galaxy Beam, S Advance, Galaxy Ace and the Galaxy S2. The fact that the Galaxy Nexus has stock Android seems to be preventing the phone from being affected.

For now, the advice is to deactivate automatic site-loading in whatever QR and or NFC reader software you use, and don't click on links you can't explictly trust. Hopefully, Samsung will come up with a patch for the code quickly, as it has already been shared on social sites like Reddit, which could make your phone even more at risk.

You better believe Samsung is scrambling to create a patch for this truly massive potential breach of security. More on this story as it develops...

UPDATE: We're hearing from a few Twitter users that HTC phones (specifically the HTC One X) are also vulnerable to this security flaw, so this could be a much bigger issue than we previously imagined.

Related Topics

Related Articles

Magazine / Tips and Tricks
1 20 hours ago

How to automatically delete old text messages on Android

Magazine / Hardware
0 5 days ago

How to boot the Galaxy S3 into recovery mode

Magazine / Hardware
9 1 week ago

How to take a screenshot with the Galaxy S3

Comments

Write new comment:
  • Eric McBride Sep 25, 2012 Link

    Good God. Another reason to stay stock :-)

    0
    0
  • Ibraheem Satti Sep 25, 2012 Link

    thank god for nexus

    0
    0
  • Patrick R. Sep 25, 2012 Link

    Samsung wouldn't allow themselves to be outdone by Apple. After the maps and Siri debacle, Sammy had to beat apple on the glitch front. LOL.

    This is bad though. Would this wipe trigger the eMMC hard brick bug on the S2 ans Note? I hope they push out the patch soon. If I get hit by this... 64GB Slate iPhone 5 it is. haha!

    0
    0
  • Geoffrey S. Sep 25, 2012 Link

    so this can be pushed to my phone by anyone?

    good thing there's nothing particularly important on my phone I guess.

    0
    0
  • Patrick R. Sep 25, 2012 Link

    I did a little research on this, thanks for the heads up. Apparently only the stock browser is affected. If you use Google Chrome, it will not trigger the bug.

    0
    0
  • Jörg V. Sep 26, 2012 Link

    @Patrick on Galaxy Note even Chrome does trigger the payload. But there's help availiable.

    Check out: https://play.google.com/store/apps/details?id=com.voss.notelurl

    I developed this nifty little app quickly to give a little protection against this thread.

    0
    0
  • Dvoraak Sep 26, 2012 Link

    @Patrick - I love your reasoning. Samsung couldn't stand to be out of the news cycle :D

    0
    0
  • Patrick R. Sep 26, 2012 Link

    @Jörg, thank you. You can really count on the Android dev community to solve problems loke these while waiting for an official OEM patch. It's nice that no permissions are required by the app. Hopefully it does its job.

    @Dvoraak, seriously though, it's at times like these that one would or should appreciate the closed ecosystem of iOS. It may not fully protect you but i guess it makes it harder for the casual hacker.

    0
    0
  • Patrick R. Sep 26, 2012 Link

    BTW, please make hyperlinks available in the App Center app comments. I had to open the AndroidPIT website in my browser, copy and paste to get to Jörg's link. Just a suggestion. :)

    0
    0
  • Patrick R. Sep 26, 2012 Link

    I was hoping the single line of code is:
    <a href="tel:SteveJobs">Click here to call Steve directly</a>

    0
    0
  • CJ Brown Oct 1, 2012 Link

    is there a recommended virus protection app (or other app) available that would thwart this?

    0
    0