, and

Update: Don’t go to strange links on either device, kids.

Woah, we’ve got some crazy news here that’s just come from the depths of the internet. The Samsung Galaxy S II can be exploited super easily allowing anyone to possibly factory reset your device from inside the browser using a USSD code.

Basically, what can happen is you can be sent to a website which will open up the dialer as it recognises a phone number, but that phone number is actually a USSD code, and that USSD code is set up by Samsung to factory reset the device. Not a safe way to do it, Samsung, that’s for sure.

No doubt after hearing of this, a fix will be on the way very, very soon. Be sure to check out the video above to hear more about this exploit. In the mean time, be careful where you browse and don’t click on links that you don’t know where they lead to.

Source: alejandrospamlocoReddit.
7 Comments
newest
oldest
Inline Feedbacks
View all comments
Jakdaw

Here’s an app to prevent such requests getting from a website to the dialer:

https://play.google.com/store/apps/details?id=com.openmarket.protectsam

Guest

Exploit doesn’t work on Vodafone AU variant of SGS3 running software ver I9300TDULH1.

PointZeroOne

Yeah my galaxy s3 doesn’t parse the full code just the * to the dialler.

Gee Bee

I BET YOU THAT THE BOYS FROM CUPERTINO DESIGNED THIS

Mark

Actually, based on this, the S3 is actually safe as this vulnerability appears to have been recently fixed in updates:

http://forum.xda-developers.com/showthread.php?t=1904629&page=5

Unfortunately the same can’t be said about many other phones at this point. It appears the bug dates back as far as Android 2.1 🙁

Jack

Gizmodo has a video showing an S3 running 4.1 where this hasn’t been fixed.

Hikari0307

apparently most S3 has been patched to fix this problem weeks ago.Some on the other hand is still affected~~ Though the Aussie 4G S3 is still affected or something even though it came with 4.1~~
http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-devices-are-not-vulnerable-to-ussd-wiping-exploit-it-was-already-fixed-in-an-update/
http://www.gizmodo.com.au/2012/09/touchwiz-security-bug-could-wipe-your-samsung-galaxy-phone/