Samsung Smartphones Have Serious Security Flaw, Finds Researcher

September 26, 2012, By Sanjeev Ramachandran

Samsung phone owners may be at the risk of getting data on the device deleted without their consent.

According to a new finding made by a security researcher, a malicious code is on prowl in the internet which can force Samsung devices for a factory reset without the consent of the user, which means they may lose all the personal data stored in the device, along with the customized settings.

Ravi Borgaonkar, a researcher with the Security in Communications department of the Technical University Berlin, has demonstrated the vulnerability in a security conference recently.

The basic vulnerability is related to Samsung’s customizable User Interface called TouchWiz. The problem arises with the way in which the TouchWiz interacts with unstructured supplementary data (USSD) codes, which are capable of making commands on the keypad of the smartphone.

What makes the practice in Samsung devices different from others is that all other dialers require the user to press send button to complete the code.

The researcher even demonstrated how a single line of code can actually take a GSIII device for a ride. He has shown that the code can be embedded in a web link, QR code or SMS or even through an NFC connection to execute the factory reset command without asking permission from the user or warning him or her.

Apart from wiping the device, it is also possible to lock the SIM card or to block the user from using many features of the device.

However, the danger can be blocked if the ‘service loading’ in the settings is turned off and if the QR code and NFC apps are disabled.

© 2008-2012 - All rights reserved | Privacy Policy