Samsung Security flaw (Phones can be hard reset via HTML)

[AlphaJohn]

Can hard reset a SGS3 via HTML

the USSD code to factory data reset a Galaxy S3 is *2767*3855# can be triggered from browser like this: <frame src="tel:*2767*3855%23" />

https://twitter.com/pof/status/250540790491787264

Demo of it in action

[video=youtube;Q2-0B04HPhs]http://www.youtube.com/watch?v=Q2-0B04HPhs[/video]

Phones tested so far:
Tested on Ace, S2, S3. All vulnerable

Phones on vanilla Android is safe, this is only for Samsung's own OS.

Good going Samsung.

 

[AlphaJohn]

If you on a Samsung phone scan this image

to get another reason to upgrade to Nokia Lumia 920 {Evil grin}

Now I just need to print a couple and stick em all over the place

 

[ClintZA]

I am lead to believe the security flaw does not affect the Chrome browser, which I use by default. It also only affects "some TouchWiz-based Samsung smartphones, including the Galaxy S2 and certain Galaxy S3 models on older firmware".

 

[AlphaJohn]

I am lead to believe the security flaw does not affect the Chrome browser, which I use by default. It also only affects "some TouchWiz-based Samsung smartphones, including the Galaxy S2 and certain Galaxy S3 models on older firmware".

Basically, Samsung changed the dialer app that accepts api command send to it without prompt ie: user confirmation, to "dial" the number.

So yes Chrome is perfectly fine, its the dam dialer that's the problem.... reading up about is as it was just released.

 

[AlphaJohn]

Found a XDA thread if anyone is interested:

http://forum.xda-developers.com/showthread.php?t=1904766

Also see Android Central & Android Police report

Guess its on the Verge and Engadget as well, if not it soon will be.

Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time. More recent versions of Android avoid the wipe issue, but unpatched devices (like some Samsung phones) may still be vulnerable.

 

[ClintZA]

Basically, Samsung changed the dialer app that accepts api command send to it without prompt ie: user confirmation, to "dial" the number.

So yes Chrome is perfectly fine, its the dam dialer that's the problem.... reading up about is as it was just released.

There is mention made on the video to change push messages settings. Mine was already on "prompt" and not "always", surely this would mean the service would not have run by itself but required confirmation from me?

 

[AlphaJohn]

There is mention made on the video to change push messages settings. Mine was already on "prompt" and not "always", surely this would mean the service would not have run by itself but required confirmation from me?

Do not have a Samsung so can not test, all I can go by is what I am reading and to be honest I am getting a lot of cross posts on who or what is to blame. will have to test to be sure, or else wait for the storm of everyone giving their input to die down.

TL;DR will the real problem please stand up.

 

[Arthur]

Can you imagine the howls of derision if that Redmond company ... naah, forget it.

 

[AlphaJohn]

Can you imagine the howls of derision if that Redmond company ... naah, forget it.

Dude can you imagine if App ... aaah I get your point

 

[Arthur]

Dude can you imagine if App ... aaah I get your point

It would be a security feature.