The security researchers have found that Samsung Galaxy S3, the best-selling smartphone by Samsung. Galaxy S3 is at
Malicious hackers will be able to hide this code in any web page, and the code will be triggered as soon as the user visits that webpage. This code will actually initiate a full factory reset of Galaxy S3. All the contacts, music, pictures, applications and many other important data will be wiped in a matter of two to three seconds.
Galaxy S3 which was revealed this year in the month of May, is the major rival to iPhone 5 introduced recently by Apple. This kind of security break-through is of a major concern for Samsung, who wants to retain the high sales of its best smart phone. Not only Galaxy S3, this code will initiate a factory data reset on Galaxy S2 also, and other devices that use the Samsung’s version of Android. Other versions of Android developed by various firms are not facing this security breach.
A security blogger Paul Olivia, also a Spanish telecommunications engineer was demanding to know what the engineers at Samsung were smoking when such a code was set by them for factory data reset. This code can be used remotely to wipe any Samsung Galaxy S3 device.
How does it work?
This bug in Samsung galaxy S3 was revealed at a computer security conference organised in Argentina. One of the researchers from Berlin, Ravi Borgaonkar demonstrated at the conference the method by which the code can be inserted into the source code of a web page. The code is basically a USSD code which is used by the mobile operators to provide basic services.
If any Galaxy S3 owner surfs a page of this kind, his phone will undergo a restoration to factory settings without notifying or asking permission from the user. The entire restoration process will take just two to three seconds after the launch, and the user is left incapable of doing anything. Mr. Borgaonkar also said that many other codes have been uncovered by him that can be used to perform other attacks. But, he didn’t revealed them as they could be used by criminals. One such code would kill the SIM card.
Many Samsung Galaxy S3 users have attested and confirmed it on twitter that it completely swipes their phone’s data. Some users also said that the code did not execute automatically when they were using Chrome browser by Google which was not the case with the built-in browser.
how to Prevent your Galaxy S3 from this Attack?
Mr. Bongaonkar also shared a way to avoid such kind of attacks. It can be done by switching off “service loading” in the settings. And, NFC, QR code apps should be disabled too.
Meanwhile, Samsung also came up with an update patch for the problem after receiving many complaint calls from Galaxy S3 users worldwide. The update can be downloaded easily through the OTA service.