Single Line of Code Allows Hackers to Remotely Wipe Samsung Phones
Steven Blum has written more than 2,000 blog posts as a founding member of AndroidPIT's English editorial team. A graduate of the University of Washington, Steven Blum also studied Journalism at George Washington University in Washington D.C. for two years. Since then, his writing has appeared in The Stranger, The Seattle P-I, Blackbook Magazine and Venture Village. He loves the HTC One and hopes the company behind it still exists in a few years.
Uh-oh. I think Samsung may be facing one of the biggest security loopholes we've ever seen.
A single line of code has been found to be able to remotely wipe a Samsung Galaxy S3, Galaxy S2 and a number of other Samsung phones, according to security researchers. The USSD code can be sent from a website, pushed to a phone by NFC or triggered by a QR code. Once it's been sent, the phone begins systematically wiping everything on the SD card, and the erasing process cannot be stopped.
While the user can see what's happening to their phone, they cannot stop the process by hitting "back." Moreover, there's no way a user would be able to prevent the wiping from taking place, as a QR reader typically loads whatever website has been stored to each code automatically, as does an NFC reader. On Samsung TouchWiz, the default action is to dial the code automatically.
Even more disturbing, it seems that a separate USSD code could also be used to kill the SIM card, leaving users with a wiped SD card and a broken SIM card to boot.
So far, the security loophole has been found to affect a number of Samsung phones, including the Galaxy Beam, S Advance, Galaxy Ace and the Galaxy S2. The fact that the Galaxy Nexus has stock Android seems to be preventing the phone from being affected.
For now, the advice is to deactivate automatic site-loading in whatever QR and/or NFC reader software you use, and don't click on links you can't explicitly trust. Hopefully, Samsung will come up with a patch for the code quickly, as it has already been shared on social sites like Reddit, which could put your phone at even greater risk.
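To make that advice concrete, here is a sketch of the check a QR or NFC reader could apply before acting on a scanned payload. It is an added example, not code from Samsung or from any reader app, and it assumes the dial code arrives as a `tel:` URI, which the article does not specify; the function name and sample payloads are constructed for illustration.

```python
from urllib.parse import unquote

WEB_SCHEMES = {"http", "https"}
USSD_CHARS = set("*#")  # these mark a USSD/MMI code, not an ordinary phone number

def classify_scanned_payload(payload):
    """Return (action, reason) for a decoded QR/NFC payload.

    action is 'confirm' (show the target and wait for a tap) or 'block'.
    Nothing is ever loaded or dialled automatically.
    """
    text = payload.strip()
    scheme, sep, rest = text.partition(":")
    scheme = scheme.lower()  # URI schemes are case-insensitive
    if not sep:
        return ("block", "no URI scheme")
    if scheme in WEB_SCHEMES:
        # A page can itself hand a code to the dialler, so never auto-load.
        return ("confirm", "web link: show URL before loading")
    if scheme == "tel":
        # Decode percent-escapes first: '#' is normally sent as %23.
        number = unquote(rest)
        if USSD_CHARS & set(number):
            return ("block", "dial string contains a USSD/MMI code")
        return ("confirm", "phone number: show before dialling")
    return ("block", "unhandled scheme")

# Constructed sample payloads. *#06# is the harmless "show IMEI" code.
SAMPLES = [
    "https://example.com/menu",
    "tel:+15555550100",
    "tel:*%2306%23",
    "TEL:*#06#",
    "sms:+15555550100",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        action, reason = classify_scanned_payload(sample)
        print(f"{sample:28} {action:8} {reason}")
```

The same rule belongs in the dialler itself: a number that arrives from another app should be displayed for the user to confirm, not executed.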
You better believe Samsung is scrambling to create a patch for this truly massive potential breach of security. More on this story as it develops...
UPDATE: We're hearing from a few Twitter users that HTC phones (specifically the HTC One X) are also vulnerable to this security flaw, so this could be a much bigger issue than we previously imagined.