Major security flaw can factory reset Samsung Galaxy S3

By Pamela Perez

A major security flaw has been discovered in the Samsung Galaxy S3: a single line of code embedded in a Web page can trigger a factory reset or lock the SIM card.

Technical University of Berlin researcher Ravi Borgaonkar revealed the Galaxy S3 can be completely wiped of data by using a simple text message, NFC connection or QR code.

Any Android phone running Samsung's proprietary TouchWiz interface has this vulnerability, due to its use of Unstructured Supplementary Service Data (USSD) to communicate with application servers.

However, simply browsing a website with the code embedded will not trigger the reset; opening a message via QR, NFC or WAP Push SMS will. Once the website link is opened, the wipe starts.

Borgaonkar demonstrated that the vulnerability can be mitigated by switching off Samsung's 'Service Loading' feature.

Recent reports said this is an Android issue that was patched long ago, but that it may still affect handsets not running the most current versions of Android. At present, only Samsung devices have been found to be vulnerable to the remote wipe.

Samsung has yet to comment on this.

How to solve this

To see if your phone is vulnerable to this code, go to this website. The website will not reset your device to factory default settings; instead, it runs code to check whether the phone will automatically display its International Mobile Equipment Identity (IMEI) number.

Next, download TelStop from Google Play. This app will catch the wipe code. 
