A newly discovered bug in Samsung's TouchWiz UI on Android has been shown to make the device vulnerable to remote SIM-locking and even data wiping, all with a single line of malicious code. According to online reports, an attacker could use a Web page, an SMS, an NFC Android Beam connection, or even a QR code to execute the attack, and unsuspecting users will soon find their devices undergoing the factory reset process without any warning whatsoever. The problem has been shown to affect a number of Samsung Galaxy handsets including the Galaxy S II and Galaxy S III.
Update: A statement obtained by Slashgear from Samsung confirms that the TouchWiz vulnerability has already been eliminated by way of a software update.
What Else You Need To Know
- In a video demonstration of the TouchWiz UI exploit, the device used is running Android 4.0 Ice Cream Sandwich.
Other sources
The only advice we have is don’t install any fishy-looking applications, click any weird HTML links, scan random QR codes, or touch NFC tags that you haven’t set up yourself until we hear more word.- Eric, Droid-Life
- The Next Web
-
Possible flaw in Samsung’s TouchWiz UI leaves smartphones open to data-wiping, SIM locks and more
The flaw was discovered by Ravi Borgaonkar and was shown off at the Ekoparty security conference, which showed that a simple piece of code with the correct dialer instructions could be pushed to a vulnerable handset.
- Engadget
-
'Dirty USSD' code could automatically wipe your Samsung TouchWiz device
It was demonstrated at the Ekoparty security conference last weekend, during which time presenter Ravi Borgaonkar also showed how a different code could even wipe your SIM card.
- Phone Arena
- Samsung's TouchWiz vulnerable to one-click data wipe or reset attack (video)
- Other
-
Samsung TouchWiz vulnerability will wipe some phones after just clicking a link
The latter is really the issue here: Samsung's software changes atop stock Android are allowing the GS II to automatically dial the hard reset code, taking away a critical aspect of user control.
- Other
- Samsung TouchWiz vulnerability will wipe some phones after just clicking a link
- CoolSmartPhone
-
TouchWiz exploit discovered; devices can be wiped with a single line of HTML code
Today it has been discovered that some Samsung TouchWiz-running devices can be wiped with a single line of HTML code without confirmation.
- PhoneDog
- Some Samsung TouchWiz phones said to be open to flaw that could cause a data wipe [UPDATED]
- Mobile Syrup
- Some TouchWIZ-based Samsung phones vulnerable to data wiping through simple HTML code hack
- Mobile Burn
- Samsung Touchwiz phones can be wiped through the web due to major security vulnerability
- Mobile Crunch
- Got TouchWiz? Some Samsung Smartphones Can Be Totally Wiped By Clicking A Link
- More...