A variety of Samsung smartphones can be wiped by a remote factory reset. That vulnerability, which includes the popular Galaxy S III, was highlighted at the recent Ekoparty
conference in Argentina.
The vulnerability could be induced through a single line of code, according to security researcher Ravi Borgaonkar. He said that the reset can be accomplished via a simple code using Unstructured Supplementary Service Data (USSD) that can be delivered to the smartphone by a Web site, near-field communication (NFC) wireless transmission, or a QR code.
TouchWiz User Interface
Only Samsung devices running the company's TouchWiz user interface appear to be vulnerable, while those devices by the manufacturer that are only running basic Android will show the code in the dialer screen but not automatically run it. The default setting on the devices with TouchWiz is to dial the code.
There has been confirmation that, in addition to the Galaxy S III, the USSD code can work on the Galaxy Beam, S Advance, Galaxy Ace or Galaxy S II, but not the Nexus, which runs only basic Android. Once the process begins, it cannot be stopped.
Some industry observers have indicated that a key issue is how the TouchWiz dialer handles the USSD code, because it loads the reset code and then automatically dials it. Samsung has not yet issued a statement, but company representatives have told news media that the vulnerability report is being investigated.
Additionally, if a phone is set to automatically load a site that has been delivered via a SMS message, the USSD code can also be delivered. The researchers advise deactivating any automatic site loading in on Samsung devices that read QR or NFC codes, in addition to the standard precaution not to click on any links that are unknown.
Borgaonkar reports that a USSD code could also be included that could deactivate the SIM card at the same that it wipes the phone.
Security researchers have been warning that Android devices are very susceptible to attacks and, as Android has become the top mobile platform, it has also grown into a much more visible target.
A report released earlier this month by security firm McAfee Labs, for instance, said that Android-based mobile devices continue to be the most targeted mobile platform. It found that "virtually all new mobile malware detected in Q2 2012 was directed" at that platform, in the form of SMS-sending malware, mobile botnets, spyware and destructive Trojans.
In June, a company called Lookout Mobile Security said that some providers of free Android mobile apps were accessing personal information without the user's notification or consent, through the use of "adware."
Lookout found about 5 percent of the apps it analyzed used these kinds of aggressive ad networks. Google has been criticized in some quarters for not providing pro-active monitoring of Android apps on its Google Play marketplace.