Summary: A single line of code embedded
in a web page can be used to trigger a remote factory reset of some
Samsung smartphones, including the Galaxy SIII and SII, a researcher has
claimed.
Owners of New samsung Galaxy SII and SIII mobile phones may want to take care when starting web hyperlinks obtained via QR, NFC or force information, after a protection specialist revealed that the devices are possibly susceptible to being slightly cleaned.
Ravi Borgaonkar, a specialist in the Peace of mind in Devices division at Specialized School Germany, confirmed the weak point at the Ekoparty protection meeting in Argentina last week.
According to Borgaonkar, the way the Galaxy SIII uses Unstructured Additional Assistance Information simply leaves it open up to exploitation via a single line of harmful value included in a web page. Unstructured Additional Assistance Information, or USSD, is used to deliver information between a phone and an application hosting server.
The value can be used to induce the totally recast for a Galaxy SIII, according to Tweets individual @pof. Embedding it in a simple shape will instantly induce a non-user started manufacturer totally recast of it, he included.
However, simply surfing around a web page with the value included will not induce the totally recast, but starting a concept via QR, NFC or WAP Push SMS will. When the web page reveals, it begins the clean.
In the display video above, taken during the Ekoparty protection meeting, Borgaonkar said that the weeknesses can be mitigated by changing off Samsung's 'Service Loading' function.
