Old Sep 25, 2012, 08:22 AM   #1
ScottishDuck
macrumors 6502
 
Join Date: Feb 2010
Location: Argyll, Scotland
Samsung Galaxy S3 has huge security flaw



Any Samsung Galaxy S3 can be remotely wiped if sent the following code

Quote:
tel:*2767*3855%23
This code can be embedded in HTML, sent in a text, email, anything...

This is a big one.

Last edited by OllyW; Sep 25, 2012 at 12:37 PM. Reason: Please use youtube tags
ScottishDuck is offline   0 Reply With Quote
Old Sep 25, 2012, 09:22 AM   #2
kdarling
macrumors Demi-God
 
 
Join Date: Jun 2007
Location: Device engineer 30+ yrs, touchscreens 23+.
If so, then how about not printing the code, please.

No reason to make it any easier for lazy jerks to screw someone up.
kdarling is offline   3 Reply With Quote
Old Sep 25, 2012, 09:48 AM   #3
The iGentleman
Banned
 
Join Date: Jul 2012
Quote:
Originally Posted by ScottishDuck View Post


Any Samsung Galaxy S3 can be remotely wiped if sent the following code



This code can be embedded in HTML, sent in a text, email, anything...

This is a big one.
This doesn't work. I just sent a text to my GS3 with that number and nothing happened besides me receiving the text....nothing to see here..

Last edited by OllyW; Sep 25, 2012 at 12:38 PM. Reason: edit to quoted post
The iGentleman is offline   0 Reply With Quote
Old Sep 25, 2012, 09:52 AM   #4
munkery
macrumors 68020
 
 
Join Date: Dec 2006
Remote wipe Samsung devices via the browser

Samsung devices don't use USSD codes securely.

The USSD code to factory data reset a Galaxy S3 is *2767*3855#

This can be triggered from a browser like this: <frame src="tel:*2767*3855%23" />
munkery is offline   0 Reply With Quote
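
As an added example (not part of the original post or thread): a Python check that a content filter could run over HTML to flag `tel:` URIs whose decoded dial string contains `*` or `#`, the pattern described in post #4. The function names, the tag lists and the sample page are assumptions made for this illustration; the sample uses `*#06#`, which only displays the IMEI.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

URL_ATTRS = {"src", "href", "data", "action"}
# Tags whose URL is fetched on page load, with no tap from the user.
AUTO_LOAD_TAGS = {"frame", "iframe", "img", "embed", "object", "script", "meta"}


def ussd_dial_string(url):
    """Return the decoded dial string if url is a tel: URI carrying * or #, else None."""
    url = url.strip()
    if not url.lower().startswith("tel:"):
        return None
    dial = unquote(url[4:])  # %23 -> '#', %2A -> '*'
    return dial if ("*" in dial or "#" in dial) else None


class TelUriScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, dial string, loads_without_tap)

    def handle_starttag(self, tag, attrs):
        candidates = [(n, v) for n, v in attrs if n in URL_ATTRS and v]
        d = dict(attrs)
        # <meta http-equiv="refresh" content="0; url=..."> also navigates on load.
        if tag == "meta" and (d.get("http-equiv") or "").lower() == "refresh":
            content = d.get("content") or ""
            pos = content.lower().find("url=")
            if pos != -1:
                candidates.append(("content", content[pos + 4:].strip(" '\"")))
        for name, value in candidates:
            dial = ussd_dial_string(value)
            if dial is not None:
                self.findings.append((tag, name, dial, tag in AUTO_LOAD_TAGS))


def scan(html):
    scanner = TelUriScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; *#06# stands in for any MMI/USSD code.
SAMPLE = """
<a href="tel:+15555550100">Call us</a>
<frame src="tel:*%2306%23" />
<a href="tel:*%2306%23">tap me</a>
<meta http-equiv="refresh" content="0; url=tel:*%2306%23">
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The last field separates links that need a tap from elements that load the URI as soon as the page renders, which is the case the thread is about.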
Old Sep 25, 2012, 09:55 AM   #5
GoCubsGo
macrumors Nehalem
 
 
Join Date: Feb 2005
And the point, or are you just exposing some issue? If it is the latter then maybe you can simply elaborate.
GoCubsGo is offline   0 Reply With Quote
Old Sep 25, 2012, 10:00 AM   #6
b24pgg
macrumors 65816
 
Join Date: Jan 2009
Location: CA
not true, troll thread
b24pgg is offline   3 Reply With Quote
Old Sep 25, 2012, 10:08 AM   #7
ugahairydawgs
macrumors 68020
 
 
Join Date: Jun 2010
Quote:
Originally Posted by SGMD1 View Post
not true, troll thread
It's a thing...

http://www.androidcentral.com/major-...et-web-browser
ugahairydawgs is offline   0 Reply With Quote
Old Sep 25, 2012, 10:17 AM   #8
b24pgg
macrumors 65816
 
Join Date: Jan 2009
Location: CA
Quote:
Originally Posted by ugahairydawgs View Post
"certain Galaxy S3 models on older firmware"
b24pgg is offline   0 Reply With Quote
Old Sep 25, 2012, 10:19 AM   #9
flopticalcube
macrumors G4
 
 
Join Date: Sep 2006
Location: In the velcro closure of America's Hat
Quote:
Originally Posted by SGMD1 View Post
"certain Galaxy S3 models on older firmware"
So thread title should be "Samsung Galaxy S3 had huge security flaw"
__________________
Read the Rules / Search the Forums / Use a Descriptive Title
Mac Won't Boot?
flopticalcube is offline   4 Reply With Quote
Old Sep 25, 2012, 10:35 AM   #10
Rodimus Prime
Banned
 
Join Date: Oct 2006
Quote:
Originally Posted by flopticalcube View Post
So thread title should be "Samsung Galaxy S3 had huge security flaw"
And added to it a workaround to prevent it from happening. Using a 3rd party dialer until it is patched. This was just sloppy coding on Samsung's part.
Rodimus Prime is offline   0 Reply With Quote
Old Sep 25, 2012, 10:36 AM   #11
r.j.s
Moderator emeritus
 
 
Join Date: Mar 2007
Location: Fort Knox
It can be avoided by simply using Chrome as the browser as well.
r.j.s is offline   1 Reply With Quote
Old Sep 25, 2012, 10:37 AM   #12
Sensamic
macrumors 68020
 
Join Date: Mar 2010
iPhone has had several huge security flaws, like the one in Messages two months ago where a Russian hacker could hack your phone and steal all your info and contacts.

And iPhone has had many others, like the one in Safari that allowed jailbreakme.com.

So...
__________________
27" iMac i5 + 240GB OWC SSD; Mac Mini HDMI 2010 as Media Center; SGS5; Nexus 7 2013 32GB Wi-Fi.
Sensamic is offline   2 Reply With Quote
Old Sep 25, 2012, 10:46 AM   #13
tbayrgs
macrumors 68040
 
Join Date: Jul 2009
Quote:
Originally Posted by Sensamic View Post
iPhone has had several huge security flaws, like the one in Messages two months ago where a Russian hacker could hack your phone and steal all your info and contacts.

And iPhone has had many others, like the one in Safari that allowed jailbreakme.com.

So...
And this has what exactly to do with this thread?
tbayrgs is offline   1 Reply With Quote
Old Sep 25, 2012, 10:58 AM   #14
munkery
macrumors 68020
 
 
Join Date: Dec 2006
Quote:
Originally Posted by Sensamic View Post
iPhone has had several huge security flaws, like the one in Messages two months ago where a Russian hacker could hack your phone and steal all your info and contacts.

And iPhone has had many others, like the one in Safari that allowed jailbreakme.com.

So...
Android has far more serious security issues than iOS.

This is exemplified by how much malware targets Android while iOS hasn't had any real malware threats.
munkery is offline   0 Reply With Quote
Old Sep 25, 2012, 12:32 PM   #15
ChazUK
macrumors 603
 
 
Join Date: Feb 2008
Location: Essex (UK)
Possibly not as big an issue as the tech media made it out to be?

http://www.androidpolice.com/2012/09...-in-an-update/

Quote:
Most Galaxy S III Devices Are Not Vulnerable To USSD Wiping Exploit: It Was Already Fixed In An Update

There has been a lot of misinformation floating around this morning about an alleged "exploit" on Samsung phones that allows the entire device to be wiped from the browser using what's called a USSD code. Basically, a bit of Android intent code cleverly placed in a web page can call up your dialer and insert a code that wipes the whole device (the USSD code), all without you ever confirming anything.
Unfortunately, everyone (ourselves included) kind of jumped the gun on this without consulting the experts first, and things are more complicated than we thought. Some outlets are reporting that this glitch affects the Samsung Galaxy S III (such as the AT&T version here in the US), but our own evidence suggests otherwise. Here's a stock AT&T Galaxy S III on the latest OTA update (issued last week) initiating the exploit - it doesn't work. It just goes to a blank dialer.


More page hit fodder!
__________________
Windows 8 Desktop | iPhone 4s | iPad 2 | Nexus 5 | Nexus 7 | Lumia 530

Last edited by OllyW; Sep 25, 2012 at 12:35 PM. Reason: Please use youtube tags
ChazUK is offline   0 Reply With Quote
Old Sep 25, 2012, 12:41 PM   #16
3bs
macrumors 603
 
 
Join Date: May 2011
Location: Dublin, Ireland
As far as I know this is only on TouchWiz and I'm running an AOSP based ROM so I guess I'm safe
3bs is offline   0 Reply With Quote
Old Sep 25, 2012, 12:58 PM   #17
r.j.s
Moderator emeritus
 
 
Join Date: Mar 2007
Location: Fort Knox
Quote:
Originally Posted by 3bs View Post
As far as I know this is only on TouchWiz and I'm running an AOSP based ROM so I guess I'm safe
Not true. This is an old Android bug, which has been largely patched - but existed in the default browser and Samsung dialer until a recent OTA fix.
r.j.s is offline   0 Reply With Quote
Old Sep 25, 2012, 01:11 PM   #18
Sincci
macrumors regular
 
Join Date: Aug 2011
Location: Finland
Doesn't do anything with my S3

Doesn't even launch the dialer app with the international Galaxy S3 (i9300) with latest official 4.0.4 XXBLH3 firmware and latest unofficial 4.1.1 leak for Nordic countries (XXDLI8). Haven't tried it with the official 4.1.1 for Poland (XXDLIB), but I would assume that it doesn't have this bug either.
Sincci is offline   0 Reply With Quote
Old Sep 25, 2012, 07:37 PM   #19
Wrathwitch
macrumors 65816
 
Join Date: Dec 2009
Quote:
Originally Posted by r.j.s View Post
It can be avoided by simply using Chrome as the browser as well.
Exactly what this guy/gal said....
__________________
Life is too short to dance with ugly men!
Wrathwitch is offline   0 Reply With Quote
Old Sep 25, 2012, 07:52 PM   #20
3bs
macrumors 603
 
 
Join Date: May 2011
Location: Dublin, Ireland
Quote:
Originally Posted by r.j.s View Post
Not true. This is an old Android bug, which has been largely patched - but existed in the default browser and Samsung dialer until a recent OTA fix.
I guess I had it mixed up with this http://www.theverge.com/2012/9/25/34...-vulnerability
3bs is offline   0 Reply With Quote
Old Sep 25, 2012, 07:56 PM   #21
r.j.s
Moderator emeritus
 
 
Join Date: Mar 2007
Location: Fort Knox
Quote:
Originally Posted by 3bs View Post
I guess I had it mixed up with this http://www.theverge.com/2012/9/25/34...-vulnerability
That's the same bug - and it was clarified to be a generic (patched) Android flaw on several Android-centric sites earlier today.
r.j.s is offline   0 Reply With Quote
Old Sep 25, 2012, 10:10 PM   #22
Solomani
macrumors 68000
 
 
Join Date: Sep 2012
Code is from the 1970s

The code is: 867-5309
Solomani is offline   1 Reply With Quote
Old Sep 25, 2012, 11:57 PM   #23
NbinHD
macrumors 6502
 
Join Date: May 2012
Location: Macbook Pro 13'' - Mid 2012 Baseline
 
He is using a Samsung Galaxy S2?
NbinHD is offline   0 Reply With Quote
Old Sep 26, 2012, 12:22 AM   #24
G51989
Banned
 
Join Date: Feb 2012
Location: NYC NY/Pittsburgh PA
Quote:
Originally Posted by munkery View Post
Android has far more serious security issues than iOS.

This is exemplified by how much malware targets Android while iOS hasn't had any real malware threats.
Well, Malware targets the highest amount of users, and there are far more Android users than iOS users.

I've never had any security problems on any of my Android devices. Clearly it must actually be iOS.
G51989 is offline   0 Reply With Quote
Old Sep 26, 2012, 02:07 PM   #25
munkery
macrumors 68020
 
 
Join Date: Dec 2006
Quote:
Originally Posted by G51989 View Post
Well, Malware targets the highest amount of users, and there are far more Android users than iOS users.

I've never had any security problems on any of my Android devices. Clearly it must actually be iOS.
Nope.

More Android phones but factor in iPads then way more devices running iOS.

At the moment: mobile & tablet only / overall

iOS = 66% / 6%

Android = 21% / 2%

http://www.netmarketshare.com/mobile-market-share

http://www.netmarketshare.com/operat...d=8&qpcustomd=

Totally throws the market share theory in the garbage.

Last edited by munkery; Sep 26, 2012 at 03:15 PM.
munkery is offline   0 Reply With Quote

All times are GMT -5.
Copyright 2002-2013, MacRumors.com, LLC