Real Time Analytics

A technical flaw for Samsung phones can trigger a factory reset state

A technical flaw for Samsung phones can trigger a factory reset state

A new vulnerability in top notch Samsung phones has been found according to which a simple line of code embedded on a web page can trigger a factory reset on them. In other words, this simple line of code can lock the SIM card of the phone, bringing it back to factory reset state. This was found in a recent research and was demonstrated by Technical University of Berlin researcher Ravi Borgaonkar during the Ekoparty security conference in Buenos Aires, Argentina.

During the demonstration, it was shown that a text message, NFC connection or QR code could cause an Android phone running Samsung’s proprietary TouchWiz interface to loss the data. This also includes the most popular offering form Samsung, that is, Galaxy S3. The main reason behind this technical flaw, according to Borgaonkar, is the use of Unstructured Supplementary Service Data by Galaxy S3 and other Samsung phones to communicate with application servers.

The research demonstrated that a simple web page containing the code “*2767*3855#” embedded in a frame triggers the original factory setting of the phone without any prior warning. However, this does not happen if a user manually browses the web page.

Later on, it was reported by another tech source that the mobile version of Google Chrome is safe from this flaw. The same resource also claimed that top notch Samsung phones such as Samsung Galaxy S2, Galaxy S3, Galaxy S Advance, Galaxy Ace and Galaxy Beam are all vulnerable to this flaw. However, a point to be noted is that Samsung devices that do run the TouchWiz interface and solely rely on the standard Android operating system, such as Google Nexus, are free of this flaw. Besides, the effect of the flaw varies from phone to phone. For instance, in some phones it results in the trigger of factory reset while in some other, the SIM card is blocked.

The tech source that tested various Android devices also reported that Samsung Galaxy S3 running Jelly Bean was free of this flaw, which might mean that the flaw has been rectified in the most recent version of the operating system. According to another tech source, the problem most probably exists with Android and not with TouchWiz and has been rectified to some extent due to the over-the-air updates released by major US carriers. But regardless of the actual source of the flaw, it is quite evident that the alteration of the original Android code with the pieces of codes added by phone makers and wireless carriers alters the security situation, revealing the hidden vulnerability of the device.

Tags: , , , ,


Comments are closed.