Samsung slaps swift patch over phone-wiping Galaxy S III vuln

Smartmobe owners can bonk without fear again


Samsung has whipped out a fix for an embarrassing flaw in its smartphones that allows miscreants to wipe victims' phones with a simple web link. The South Korean electronics giant is pushing out the patch right now.

The Galaxy S III has a firmware update available that closes the security hole, and it can be picked up from an over-the-air download - and it may already be installed on many handsets.

Fixes for other Samsung phones should be expected soon although the manufacturer is being uncharacteristically taciturn about the details. But a rapid fix is always a good thing, especially as knowledge of the flaw spreads.

The existence of the problem was revealed at the Ekoparty 2012 hacking event over the weekend, and enables mischievous colleagues and vandalistic hackers to hard reset Samsung handsets with ease, wiping all the data and returning the phone to its factory state.

The TouchWiz phone dialling application, it seems, was responsible. The software responds to phone numbers delivered in a URL in the same way as those entered manually, allowing special codes to be entered and executed from a web link picked up by wireless NFC, embedded in a web page or read off a QR code.

Given the nature of the problem the quick fix isn't a surprise: a minor tweak to the dialler was all that's needed although Samsung still deserves credit for getting the patch deployed so quickly.

Users wanting to know if their fix has been applied can drop by Android Central, which has a benign example available, while those who want to live dangerously can follow these instructions and bet their data that Samsung has fixed the problem. ®

Broader topics


Other stories you might like

  • Cisco EVP: We need to lift everyone above the cybersecurity poverty line
    It's going to become a human-rights issue, Jeetu Patel tells The Register

    RSA Conference Exclusive Establishing some level of cybersecurity measures across all organizations will soon reach human-rights issue status, according to Jeetu Patel, Cisco EVP for security and collaboration.

    "It's our civic duty to ensure that everyone below the security poverty line has a level of safety, because it's gonna eventually get to be a human-rights issue," Patel told The Register, in an exclusive interview ahead of his RSA Conference keynote. 

    "This is critical infrastructure — financial services, health care, transportation — services like your water supply, your power grid, all of those things can stop in an instant if there's a breach," he said. 

    Continue reading
  • Samsung said to be sniffing around European chipmakers
    Fresh out of jail on corruption charges, the company's leader goes shopping

    Samsung vice chairman Lee Jae-yong is said to be courting Dutch chipmaker NXP on a visit to Europe to bolster the company's position in the automotive semiconductor market.

    According to the Asian Tech Press, Jae-yong, who has been released on probation after serving time on corruption charges, is expected to visit several chipmakers and semiconductor manufacturing vendors including the Netherland's NXP and ASML, as well as Germany's Infineon. Press became aware of Jae-yong's plans after a Seoul Central District Court approved the vice chairman's travel plans.

    NXP offers a wide array of microprocessors, power management, and wireless chips for automotive, communications, and industrial applications. However, the Asian Tech Press said Samsung's interest in the company, which is valued at approximately $56 billion, is primarily rooted in the company's automotive silicon.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading

Biting the hand that feeds IT © 1998–2022