Updated: Clarifications on which phones are affected, and the nature of the vulnerability.
A major security vulnerability has been discovered in some TouchWiz-based
Samsung smartphones, including the Galaxy S2 and certain Galaxy S3 models
on older firmware. The bug was first
demonstrated days ago by security researcher Ravi Borgaonkar at the
Ekoparty security conference. It involves the use of a single line of
code in a malicious web page to immediately trigger a factory reset
without prompting the user, or allowing them to cancel the process. Even
more serious is the possibility that this could be paired with a
similar glitch to render the user's SIM card inoperable. And as the
malicious code is in URI form, it can also be delivered via NFC or QR
code.
Our Verizon Galaxy S3 was not reset by the malicious code embedded in
a web page, though we were able to trigger a reset using similar code
tied to a hyperlink. Mobile dev Justin Case tells us the issue is fixed
in the latest AT&T and international Galaxy S3 firmware, though
devices that have not been updated may remain vulnerable. Others have
reported that devices like the Galaxy Ace and Galaxy Beam are also
affected. As far as we can tell, though, the bug does not affect Samsung
phones running stock Android, like the Galaxy Nexus.
The vulnerability is the result of the way the native Samsung dialer
app handles USSD codes and telephone links. USSD codes are special
combinations of characters that can be entered in the keypad to perform
certain functions, like enabling call forwarding, or accessing hidden
menus on the device. On Samsung phones, there's also a USSD code for
factory resetting the phone (and presumably another for nuking your
SIM). This, combined with the fact that the dialer automatically runs
telephone links that are passed to it by other apps, results in a
particularly nasty issue for anyone unfortunate enough to come across a
malicious web page.
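
To make the dialer behaviour described above concrete, here is an added example (not code from the article, Samsung, or any dialer app) of the check a link filter or replacement dialer could apply: find `tel:` URIs in a page and flag those that decode to a USSD-style code rather than an ordinary number. The function names and the sample page are assumptions made for illustration; the sample uses `*#06#`, the standard code that only displays the IMEI.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

def classify_tel_uri(uri):
    """Return 'not-tel', 'number' or 'ussd' for one URI string."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "not-tel"
    # '#' is usually percent-encoded (%23) inside a URI. Decode until the
    # value is stable so double encoding (%2523) cannot hide it.
    for _ in range(3):
        decoded = unquote(rest)
        if decoded == rest:
            break
        rest = decoded
    # Drop RFC 3966 parameters (";ext=...") and visual separators.
    digits = re.sub(r"[\s\-.()]", "", rest.split(";", 1)[0])
    # An ordinary phone number never contains '*' or '#'.
    return "ussd" if ("*" in digits or "#" in digits) else "number"

class TelLinkAuditor(HTMLParser):
    """Collect every tel: URI found in any attribute of any tag."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, uri, kind)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            kind = classify_tel_uri(value) if value else "not-tel"
            if kind != "not-tel":
                self.findings.append((tag, name, value, kind))

def audit(html):
    """Return the tel: findings for an HTML document."""
    auditor = TelLinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<a href="https://example.com/#contact">Contact page</a>
<a href="tel:+1-555-0100">Call support</a>
<a href="tel:*%2306%23">Tap here</a>
"""

if __name__ == "__main__":
    for tag, attr, uri, kind in audit(SAMPLE):
        verdict = "needs user confirmation" if kind == "ussd" else "ordinary number"
        print(f"<{tag} {attr}={uri!r}>: {verdict}")
```
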
There are, of course, other applications of this glitch -- for
example, the ability to automatically run numbers through the dialer
could be used to call premium-rate phone numbers. But the fact that just
visiting a web site could factory reset your phone, wipe your internal
storage and nuke your SIM is a very serious issue. So we'd advise you to
update your software if you're running an S3, and if you're not, we'd
recommend using a third-party dialer like Dialer One until all this has
blown over.
We've reached out to Samsung for comment on this issue, and we'll keep you updated with any information they provide.
Source: http://www.androidcentral.com/major-security-vulnerability-samsung-phones-could-trigger-factory-reset-web-browser