Samsung (005930) is often accused of copying Apple’s (AAPL) designs, and whether or not that’s the case, the company might want to crib some lessons on more secure coding. Ravi Borgaonkar, a security researcher at Technical University Berlin, has found that a simple USSD code that can be downloaded just by visiting a malicious website can trigger a full factory reset of several Samsung smartphones, thus wiping out all personal data and information from the device. SlashGear reports that the code apparently only works on TouchWiz-enabled Samsung devices such as the Galaxy S III, the Galaxy Beam, the S Advance, the Galaxy Ace, and the Galaxy S II. The Samsung Galaxy Nexus, which runs on pure Android, is not affected by the code. A full video of Borgaonkar showing off the malicious code is posted below.
UPDATE: Samsung has issued an over-the-air update that fixes the problem in the Galaxy S III.
Major Galaxy S III vulnerability patched by Samsung, update now available
Samsung (005930) on Wednesday confirmed it has issued an update that fixes a major security flaw in its flagship Galaxy S III smartphone. The vulnerability, which was uncovered earlier this week, allowed a simple script included in the code on any webpage to remotely wipe the Galaxy S III, erasing all of its data and restoring it to factory settings. “We would like to assure our customers that the recent security issue concerning the Galaxy S III has already been resolved through a software update,” a Samsung spokesperson said in a statement given to Engadget. “We recommend all Galaxy S III customers download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.” The security hole still affects other smartphones that include Samsung’s TouchWiz user interface and service layer, and reports suggest other Android smartphones may be vulnerable to the hack as well.