Samsung offers up patch for Galaxy S3 remote wipe vulnerability

The company says that device owners can download an over-the-air update to fix the flaw.


Samsung Galaxy S3 owners are subject to a vulnerability that can actually be fixed with an over-the-air update.

Samsung today said that users can install a security update over the air that will safeguard them from a vulnerability that could allow someone to remotely delete all of their personal data from the handset.

Security researcher Ravi Borgaonkar discovered the flaw and demonstrated it last week at a security conference in Argentina. The flaw lies in the way Samsung's TouchWiz UI handles unstructured supplementary service data (USSD) codes, which are allowed to execute commands on the device's keypad. Most software dialers require users to hit the "send" button to complete a code, but Samsung's software does not, the researcher claims.

Malicious hackers who realized that took to the Web and unleashed malicious code that was capable of taking advantage of the flaw and remotely wiping the entire device. According to Borgaonkar, the flaw can be exploited through Web links, QR codes, and even SMS.
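A defensive check for the delivery paths named above, as an added example that is not from the article or from Samsung's fix: it assumes links, QR payloads and message text hand numbers to the dialer as `tel:` URIs, and flags any whose decoded value contains `*` or `#` so the code is shown to the user rather than run. The function names and the code `*#12345#` are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Assumption: untrusted content reaches the dialer as a "tel:" URI (RFC 3966).
TEL_URI = re.compile(r"tel:([^\s\"'<>]+)", re.IGNORECASE)


def decode_fully(raw, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '*' and '#' are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw


def is_service_code(dial_string):
    """True if the dial string is a service code rather than a plain number.

    Ordinary phone numbers never contain '*' or '#', so either character
    means the string must wait for an explicit "send" from the user.
    """
    decoded = decode_fully(dial_string)
    return "*" in decoded or "#" in decoded


def flag_links(content):
    """Return the decoded service codes found in tel: links in the content."""
    flagged = []
    for match in TEL_URI.finditer(content):
        if is_service_code(match.group(1)):
            flagged.append(decode_fully(match.group(1)))
    return flagged


# Constructed sample input: a web page fragment and an SMS body.
SAMPLE = '''<a href="tel:+1-555-0100">Call support</a>
<a href="tel:*%2312345%23">Tap here</a>
SMS body: free upgrade, open TEL:%252A%252312345%2523 now'''

if __name__ == "__main__":
    for code in flag_links(SAMPLE):
        print("hold for user confirmation:", code)
```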

Samsung didn't say how it addressed the flaw, but reassured users that the issue "has already been resolved." Interestingly, Borgaonkar said that it was "possible to exploit this attack only on Samsung devices."

CNET has contacted Samsung for more information on the fix. We will update this story when we learn more.

(Via The Verge)

 
