A bug exposed in Samsung Galaxy phones was feared to enable hackers to remotely reset and wipe the data in the phone. The exploit was initially speculated to be due to the Touchwiz UI used in the phones and the device’s USSD protocol used to communicate between the handset and mobile network. There were rumours about attacks being raised from website links, although there was a potential danger from QR codes, SMS’s and NFC tags. The USSD code for factory reset, which for example in Galaxy S3 is *2767*3855# could be invoked from the browser due to this vulnerability. The possibly affected phones included Galaxy S2, S3 ans S Advance.
Samsung promptly replied with a statement that the bug has already been fixed with the latest update and has recommended users to always keep the phone updated to the latest version. The statement said:
“We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.”
The bug has however made way to a wider audience with reports suggesting that not only Samsung devices, but other Android phones might be vulnerable too. Phones like HTC One X and Motorola Defy too have been confirmed to have the same bug. The root cause of the problem has been pointed out to be the standard android dialer as it existed 3 months ago, which has been patched ever since. So, any phone that uses the older version might still be affected. A blogger named Dylan Reeve has suggested users to install a third party dialer for users whose phones are affected and who have yet to receive an update from their manufacturer that fixes the bug. He has also set up a webpage to check whether your phone is affected or not. Another user has released an “Auto Reset Blocker” app in the Play Store for those who might not want multiple dialers.
