Samsung issues software fix for Galaxy S3s affected by malicious USSD hard reset exploit

Samsung Galaxy S3 review full screen android 4.0 apps home screenHere’s the scary version of the above headline: “One line of HTML code could remotely wipe your Samsung phone, and it could be hidden in the very next link you click.” Eeek! The idea that a small piece of code embedded in a website, QR code or even in an NFC transfer could cause that much damage is unsettling, and worse still, it’s absolutely true.

The all-powerful code was demonstrated at the Ekoparty security conference earlier this week, and was shown to affect many Samsung phones using the company’s TouchWiz user interface including the Galaxy S3. For those interested in seeing the so-called “dirty code” in action, this is the video you need to watch.

It works by forcing the phone to auto-dial a specific Unstructured Supplementary Service Data, or USSD, code to start the remote wipe process and in some cases, permanently disable the SIM card too. You may have used USSD codes before, for example to find your phone number or to add credit to some pay-as-you-go phones. Ravi Borganokar, the researcher who demonstrated the kill code, said the whole process could be over and done in just three seconds.

However, before you fearfully disable the data connection on your phone, Samsung has issued a statement to put your mind at rest: “We would like to assure our customers that the recent security issue concerning the Galaxy S3 has already been resolved through a software update. We recommend all Galaxy S3 customers to download the latest software update, which can be done quickly and easily via the over-the-air service.”

Is your Samsung phone vulnerable?

This is good news, and even better is that many S3 owners have found the patch has already been applied, and that European i9300 Galaxy S3s haven’t been as widely affected, and neither have all i747 AT&T S3s.

While Samsung only mentions the Galaxy S3, Slashgear.com reports that the exploit has been shown to work on the Galaxy S2, the Galaxy Beam, the Galaxy Ace and the S Advance.

If you’re wondering whether your S3, or any TouchWiz Samsung device, is vulnerable to the attack, here’s a way to find out. Visit this safe website, created by Dylan Reeve, on your phone and if your device’s IMEI number is displayed, then your phone hasn’t been patched. If it doesn’t, then you’re safe.

Additionally, a poster on XDA-developers.com’s forums pointed to the Auto-reset Blocker app available through Google Play as an alternative fix while you’re waiting for the official one. Otherwise, it’s best to exercise good sense and not click on links to or from sources you don’t trust.

Ultimately though, it looks like the disaster has been — or at least, can be — averted, so make sure you check for any OTA updates as soon as possible. You never know, Android 4.1 Jelly Bean could be waiting too.

Mobile

Bloatware could be putting millions of Android devices at risk

A study has revealed that changes to Android's firmware and added bloatware from carriers could be making millions of Android smartphones vulnerable to massive hacks and potential data theft.
Mobile

How to find a lost phone, whether it's Android, iPhone, or any other kind

Need to know how to find a lost phone? Here, we’ll help you locate your lost or stolen phone using both native and third-party apps and services, whether it’s a smartphone or an older variety.
Mobile

Need a do-over? Here's how to factory reset an iPhone, from X on down

Resetting an iPhone can alleviate all sorts of software woes, and wipe away personal data should you sell your device or give it to someone else. Here's how to factory reset an iPhone from within iOS or iTunes.
Mobile

Google working on quick charging fix for Pixel after Android 9.0 Pie update

Google's Pixel smartphone may be running the latest software, but it still has its fair share of issues. We've rounded up some of the more common Google Pixel problems, along with a few solutions for addressing them.
Mobile

Master your Sony Xperia XZ2 with these handy tips and tricks

While new Samsung and Apple phones get the lion's share of attention, Sony released three new flagships, the Xperia XZ2, XZ2 Premium, and the XZ2 Compact. Here are some of our favorite Sony Xperia XZ2 tips and tricks.
Android Army

Confused by this year's Motorola lineup? Here's the lowdown on what's to come

Struggling to figure out your E5 from your G6? No, it's not a weird chromatic scale -- it's just Motorola's new roster. But how do you know which is right for you? Find out with our guide to Motorola's 2018 phone lineup.
Mobile

Google may finally create its first flagship store in Chicago

Google is reportedly nearing an agreement on a lease for its first flagship retail store. The store will be located in Chicago, and will presumably be where the company shows off Google Pixel phones and other hardware.
Mobile

The Moto Z3 is now available (but only for Verizon customers)

Buckle up your Moto Mods and get ready -- the Motorola Moto Z3 is finally almost here. Boasting flagship specs and a classic Motorola design, the phone is set to be a serious contender for anyone looking for a flagship-like phone in 2018.
Mobile

We found out which Sony Xperia phones will get Android 9 Pie in 2019

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.
Mobile

Google confirms it still tracks users who turn Location History off

Google is tracking your location -- even when you tell it not to. According to an investigation by the Associated Press, Google services store location data, regardless of whether privacy settings claim otherwise.
Mobile

The HTC U12 Plus is now available in color-shifting Flame Red shade

HTC has released some pretty great flagship phones in the past few years, and it's now aiming to follow up with another one. After plenty of rumors and leaks, the company has finally taken the wraps off of the new HTC U12 Plus.
Mobile

A subway passenger may have snagged a shot of the upcoming Pixel 3 XL

It hasn't been too long since Google launched the Pixel 2, but it's already gearing up for the next iteration, the Google Pixel 3. Here's everything we know about the upcoming phones so far.
Mobile

HMD may announce the U.S. release of the Nokia 6.1 Plus next week

It's shaping up to be a big year for HMD. After announcing five phones at MWC earlier this year, the handset manufacturer is reportedly bringing another budget phone, the Nokia 6.1 Plus, to the U.S.
Mobile

Newly leaked photos show a fully functioning Motorola One Power

Many of us have come to know and love Motorola's extensive lineup of budget phones. But Motorola makes some pretty awesome midrange smartphones as well. And it looks like we're about to see its next phone, the Motorola One Power, very soon.