Samsung Security flaw (Phones can be hard reset via HTML)

AlphaJohn

Can hard reset a SGS3 via HTML

The USSD code to factory data reset a Galaxy S3 is *2767*3855#; it can be triggered from the browser like this: <frame src="tel:*2767*3855%23" />
https://twitter.com/pof/status/250540790491787264

Demo of it in action :)

http://www.youtube.com/watch?v=Q2-0B04HPhs

Phones tested so far:
Tested on Ace, S2, S3. All vulnerable

Phones on vanilla Android are safe, this is only for Samsung's own OS.

Good going Samsung.
 

AlphaJohn

If you are on a Samsung phone, scan this image

ZVVPC.png


to get another reason to upgrade to Nokia Lumia 920 {Evil grin}

Now I just need to print a couple and stick em all over the place
 

ClintZA

I am led to believe the security flaw does not affect the Chrome browser, which I use by default. It also only affects "some TouchWiz-based Samsung smartphones, including the Galaxy S2 and certain Galaxy S3 models on older firmware".
 

AlphaJohn

> I am led to believe the security flaw does not affect the Chrome browser, which I use by default. It also only affects "some TouchWiz-based Samsung smartphones, including the Galaxy S2 and certain Galaxy S3 models on older firmware".

Basically, Samsung changed the dialer app that accepts API commands sent to it without a prompt (i.e. user confirmation) to "dial" the number.

So yes, Chrome is perfectly fine, it's the damn dialer that's the problem... reading up about it as it was just released.
 
Last edited:

AlphaJohn

Found an XDA thread if anyone is interested:

http://forum.xda-developers.com/showthread.php?t=1904766

Also see Android Central & Android Police reports

Guess it's on the Verge and Engadget as well, if not it soon will be.

Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time. More recent versions of Android avoid the wipe issue, but unpatched devices (like some Samsung phones) may still be vulnerable.
 
Last edited:
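An added example, not part of the thread or any poster's code: a defender-side scan for the trigger shown in the first post, a `tel:` URI carrying a USSD/MMI code (`*` or `#`) in an element the browser loads without a tap. The function and class names are hypothetical, and the sample page is constructed; it uses `*#06#`, the code that only displays the IMEI.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# (tag, attribute) pairs a browser fetches on page load, with no tap needed.
AUTO_LOAD = {("frame", "src"), ("iframe", "src"), ("img", "src"),
             ("embed", "src"), ("object", "data"), ("script", "src")}

def ussd_number(url):
    """Return the decoded number if url is a tel: URI containing * or #."""
    url = url.strip().strip("'\"")
    if not url.lower().startswith("tel:"):
        return None
    number = unquote(url[4:])          # %23 decodes to '#'
    return number if ("*" in number or "#" in number) else None

class TelScanner(HTMLParser):
    """Collects (severity, tag, number) for every USSD-style tel: reference."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        candidates = []
        for name, value in a.items():
            if (tag, name) in AUTO_LOAD:
                candidates.append(("auto", value))    # fires on page load
            elif (tag, name) == ("a", "href"):
                candidates.append(("click", value))   # needs a user tap
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            candidates.append(("auto", a.get("content", "").partition("=")[2]))
        for severity, url in candidates:
            number = ussd_number(url)
            if number:
                self.findings.append((severity, tag, number))

def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; *#06# only displays the IMEI.
SAMPLE = """<html><body>
<frame src="tel:*%2306%23" />
<a href="tel:+27115550100">Call us</a>
<a href="TEL:*%2306%23">tap</a>
<meta http-equiv="refresh" content="0; url=tel:*%2306%23">
</body></html>"""
print(scan(SAMPLE))
```

Findings marked `auto` are the ones that match the thread's scenario; an ordinary phone-number link such as the "Call us" anchor is not reported.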

ClintZA

> Basically, Samsung changed the dialer app that accepts API commands sent to it without a prompt (i.e. user confirmation) to "dial" the number.
>
> So yes, Chrome is perfectly fine, it's the damn dialer that's the problem... reading up about it as it was just released.


There is mention made on the video to change push messages settings. Mine was already on "prompt" and not "always", surely this would mean the service would not have run by itself but required confirmation from me?
 

AlphaJohn

> There is mention made on the video to change push messages settings. Mine was already on "prompt" and not "always", surely this would mean the service would not have run by itself but required confirmation from me?

Do not have a Samsung so cannot test, all I can go by is what I am reading and to be honest I am getting a lot of cross posts on who or what is to blame. Will have to test to be sure, or else wait for the storm of everyone giving their input to die down.

TL;DR will the real problem please stand up.
 

Arthur

Can you imagine the howls of derision if that Redmond company ... naah, forget it.
 