If you’re using a Samsung smartphone with TouchWiz including the Galaxy S2 and some Galaxy S3 models, be aware that there’s a web hack that can trigger a factory reset on your beloved smartphone.
The web hack is actually a malicious code that is hiding inside a web page and gets triggered when visited using the stock browser (except Google Chrome) of a TouchWiz-based phone. The malicious code then spawns the dialer and enters a bad USSD code with the sole purpose of nuking your device back to its factory default. To give you a refresher on USSD codes, one example is *#06# which displays a smartphone’s default IMEI.
Here’s a more detailed example:
The USSD code to factory reset a Samsung Galaxy S3 is: *code*code#
and can be triggered from browser like: frame src=”tel:*code*code%??”
(Of course we’re not allowed to replicate the real code here)
The code can also be delivered via URL, NFC or QR codes. Watch the video below to see the code in action.
Samsung devices reported to be vulnerable are the Galaxy Beam, S Advance, Galaxy Ace, Galaxy S2 and Galaxy S3 with older firmware. However, Samsung phones running stock Android OS, like the Galaxy Nexus, are immune to this malicious code.
So if you’re using a Samsung TouchWiz phone, make sure that you update to the latest firmware and use Chrome as a preventive measure.
On the other side of the news, Samsung was also reported to be developing its own web browser that uses WebKit – the same browser engine that Apple uses in Safari, Google’s Chrome and on RIM’s BlackBerry devices. Should this come to light then Samsung Android users will get a more secure browsing experience.
Tested this on stock dialer for GT-P1000 with CM9 and the “hack” works (check article on “The Verge” on how to display IMEI number to check for vulnerability). Installed exDialer instead.
The vulnerability is not only on the touchWiz devices but all devices that haven’t updated…
The hack targets a bug in the stock Android browsers…
read the update in the lower part of the blog…
Looks like this is not limited to Samsung phones. http://www.androidpolice.com/2012/09/25/new-exploit-could-force-factory-reset-on-many-samsung-phones-running-touchwiz/
Thanks for the link!
So the article was right, it only affects the stock browser. It’s still safe to use chrome and dolphin :)
But Samsung still did a lousy job of finding bugs, they should have seen this and fixed it immediately when they had the chance =/
it looks like this came from… XD
question.. i have a galaxy nexus with custom rom and I installed the touchwiz UX launcher from XDA forums, will my phone be vulnerable to this kind of attack? thanks! :D NEXUS RULES!
Nope. Won’t be as it is only a custom ROM.
@ramon, Even if u use other browser or launcher, it will still affect you unless you have rooted ur phone. If u use a launcher, touchwiz is still there. and even using dolphin will not exempt u from this hack. Go to androidcentral, they have a site that can check if ur samsung phone might be vulneralble to this hack. Tried mine and it is confirmed.
Never liked touchwiz the day I bought my galaxy note, that’s why I’m using launcher app instead XD
Also using dolphin browser and google chrome rather than the stock browser, so I’m not worried about this
but I am curious if using a launcher app in a samsung phone can still activate the code?
The vulnerability is with the dialer so unless you switched to a 3rd party app then no, you’re still at risk.
Ok… definitely getting a stable CM10 ROM for the note when it comes out lol
Now, if you fell victim to this hack, how you’d probably wish you had iTunes that have your data and media files intact.
LOL, you think Samsung has no phone manager? They have Samsung Kies
Nope. Factory reset is better than iTunes. iTunes is probably the one who will reset your phone anyway. Nice try iTard.
Way to go, shitsung. Your ugly touchwiz matches your ugly phones.
Did Samsung piss on your breakfast today?
obviously an apple fanboy
Oh Sure. An ‘apple fanboy’ who has a galaxy nexus and adores the HTC One X. Yup !
I hate TouchWiz! Dammit! If only Samsung didn’t have fast phones and gorgeous SAMOLED screens, I’d never touch their products.
@John: Uhh… John, you DO know that the Galaxy Nexus is made by Samsung, right? Your comment makes you sound like you’re pissing on your own phone.
Uhh the Nexus are always of exception. Duh.
It’s still made by “shitsung”, though.
Uhh the Nexus are always of exception. Duh. They may be made by an OEM but is managed by Google.
Like I said, made. How hard is that to understand?