Samsung Security flaw (Phones can be hard reset via HTML)

AlphaJohn

Can hard reset an SGS3 via HTML

The USSD code to factory data reset a Galaxy S3 is *2767*3855#; it can be triggered from the browser like this: <frame src="tel:*2767*3855%23" />
https://twitter.com/pof/status/250540790491787264

Demo of it in action :)

http://www.youtube.com/watch?v=Q2-0B04HPhs

Phones tested so far:
Tested on Ace, S2, S3. All vulnerable

Phones on vanilla Android are safe; this is only for Samsung's own OS.

Good going Samsung.
 
If you're on a Samsung phone, scan this image

ZVVPC.png


to get another reason to upgrade to Nokia Lumia 920 {Evil grin}

Now I just need to print a couple and stick em all over the place
 
I am led to believe the security flaw does not affect the Chrome browser, which I use by default. It also only affects "some TouchWiz-based Samsung smartphones, including the Galaxy S2 and certain Galaxy S3 models on older firmware".
 

Basically, Samsung changed the dialer app so that it accepts API commands sent to it without a prompt, i.e. user confirmation, to "dial" the number.

So yes, Chrome is perfectly fine; it's the damn dialer that's the problem.... reading up about it as it was just released.
 
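As an added example (not from the thread or from Samsung), here is the defender-side check a dialer or web filter would want for the behaviour described above: pull every tel: URI out of src/href attributes, percent-decode it, and flag anything that is an MMI/USSD code (contains * or #) as requiring user confirmation rather than being dialed silently. The sample HTML is constructed for this example and reuses the frame from the post.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample page: a benign tel: link, the frame quoted in the thread,
# and a percent-encoded variant of a harmless code (*#06#, which shows the IMEI).
SAMPLE_HTML = """
<html><body>
<a href="tel:+27115551234">Call support</a>
<frame src="tel:*2767*3855%23" />
<iframe src='tel:%2A%2306%23'></iframe>
</body></html>
"""

# tel: URIs inside src= or href= attributes, either quote style.
TEL_ATTR_RE = re.compile(r"(?:src|href)\s*=\s*[\"'](tel:[^\"']+)[\"']", re.IGNORECASE)


def extract_tel_uris(page):
    """Return every tel: URI found in src/href attributes, with HTML entities
    and percent-encoding (e.g. %23 for '#') decoded so the check cannot be
    bypassed by encoding the special characters."""
    return [unquote(html.unescape(m)) for m in TEL_ATTR_RE.findall(page)]


def is_mmi_code(number):
    """An MMI/USSD string is anything a dialer treats as a special code rather
    than a phone number: it contains '*' or '#', which plain numbers never do.
    The thread's *2767*3855# reset code matches; +27115551234 does not."""
    return "*" in number or "#" in number


def classify(page):
    """Return (uri, decision) pairs: 'allow' for plain numbers, 'confirm' for
    MMI/USSD codes, which must never be dialed without prompting the user."""
    decisions = []
    for uri in extract_tel_uris(page):
        number = uri[len("tel:"):]
        decisions.append((uri, "confirm" if is_mmi_code(number) else "allow"))
    return decisions


if __name__ == "__main__":
    for uri, decision in classify(SAMPLE_HTML):
        print(f"{decision:8} {uri}")
```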
Found a XDA thread if anyone is interested:

http://forum.xda-developers.com/showthread.php?t=1904766

Also see Android Central & Android Police report

Guess it's on The Verge and Engadget as well; if not, it soon will be.

Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time. More recent versions of Android avoid the wipe issue, but unpatched devices (like some Samsung phones) may still be vulnerable.
 


There is mention made in the video of changing the push messages setting. Mine was already on "prompt" and not "always"; surely this would mean the service would not have run by itself but required confirmation from me?
 

Do not have a Samsung so cannot test; all I can go by is what I am reading and, to be honest, I am getting a lot of cross posts on who or what is to blame. Will have to test to be sure, or else wait for the storm of everyone giving their input to die down.

TL;DR will the real problem please stand up.
 