Samsung fixed reset flaw in Galaxy S3, other updates pending

Share this article:

Last updated on September 26, 2012 5:11 PM

Samsung is working to address a flaw that could allow a number of Galaxy Android models to be reset – and has started by pushing a fix for its Galaxy S3 model.

The vulnerability was discovered by Ravi Borgaonkar, a researcher at Technical University (TU) Berlin, who demonstrated the flaw at the Ekoparty security conference last week in Buenos Aires. He found that an unstructured supplementary service data (USSD) code embedded on a malicious web page could be used to reset, or remotely wipe, Galaxy S3 devices.

On Wednesday, the blog Android Central posted a statement from Samsung on the matter. The company told users a fix for Galaxy S3 was available through a software update.

“We would like to assure our customers that the recent security issue concerning the Galaxy S3 has already been resolved through a software update,” the statement said. “We recommend all Galaxy S3 customers to download the latest software update, which can be done quickly and easily via the over-the-air (OTA) service.”

In the blog post, Android Central also said the vulnerability affected other Galaxy models, including Galaxy S2 and Galaxy Note devices.

On Tuesday, TU's Borgaonkar tweeted a link for users to check to see if their device is was vulnerable.

Samsung did not immediately respond to a request for comment, and has yet to release a statement on the status of patches for its other affected Galaxy devices.

Dylan Reeve, a New Zealand tech blogger, told SCMagazine.com in an email Wednesday that the underlying security issue may be the use of the standard Android dialer.

“Unfortunately, the issue here is that the dialer is taking that [USSD code] and treating it as if it was actually typed in," Reeve said. "This isn't how it should behave and it isn't how other phones behave.” 

He detailed the findings in a blog post Tuesday, saying that the USSD vulnerability also affected other smartphone brands, including the HTC One X and Motorola Defy running Android operating systems – meaning the flaw is “not just a Samsung problem,” but one affecting Android users.

 
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the ...

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.