Samsung Galaxy S3 has huge security flaw

ScottishDuck

macrumors 6502a
Original poster
Feb 17, 2010
550
178
Argyll, Scotland

Any Samsung Galaxy S3 can be remotely wiped if sent the following code

tel:*2767*3855%23
This code can be embedded in HTML, sent in a text, email, anything...

This is a big one.
 

The iGentleman

macrumors 6502a
Jul 13, 2012
543
0

Any Samsung Galaxy S3 can be remotely wiped if sent the following code



This code can be embedded in HTML, sent in a text, email, anything...

This is a big one.
This doesn't work. I just sent a text to my GS3 with that number and nothing happened besides me receiving the text....nothing to see here.. :rolleyes:
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
Remote wipe Samsung devices via the browser

Samsung devices don't use USSD codes securely.

The USSD code to factory data reset a Galaxy S3 is *2767*3855#

This can be triggered from the browser like this: <frame src="tel:*2767*3855%23" />
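
A defensive check for the pattern described in the post above, as an added example that is not part of the original thread: it scans HTML for `tel:` URIs whose decoded target contains `*` or `#` (an MMI/USSD-style service code) rather than a plain phone number. The function names and the sample markup are constructed for illustration; the sample uses `*#06#`, the code that displays the IMEI.

```javascript
// Added example (not from the thread): flag tel: URIs in HTML that decode to
// an MMI/USSD-style service code instead of an ordinary phone number.

// Any tel: URI in the markup, whether in src, href or a meta-refresh value.
const TEL_URI = /\btel:[^"'\s<>]+/gi;

// Undo numeric HTML entities such as &#35; or &#x23; that can hide '#' or '*'.
function decodeNumericEntities(text) {
  return text.replace(/&#(x[0-9a-f]+|\d+);/gi, (_, code) =>
    String.fromCodePoint(
      code[0].toLowerCase() === "x" ? parseInt(code.slice(1), 16) : parseInt(code, 10)
    )
  );
}

// Return the dial string the handler would receive after decoding.
function decodeTel(uri) {
  const raw = decodeNumericEntities(uri.slice("tel:".length));
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw; // malformed percent-encoding: inspect the raw value instead
  }
}

// Plain numbers use digits, '+' and separators; '*' or '#' marks a service code.
function isServiceCode(dialString) {
  return /[*#]/.test(dialString);
}

function findServiceCodeTelUris(html) {
  const findings = [];
  for (const match of html.matchAll(TEL_URI)) {
    const decoded = decodeTel(match[0]);
    if (isServiceCode(decoded)) findings.push({ uri: match[0], decoded });
  }
  return findings;
}

// Constructed sample markup: one ordinary number and three encodings of *#06#.
const SAMPLE_HTML = `
<a href="tel:+15555550100">Call support</a>
<iframe src="tel:*%2306%23"></iframe>
<meta http-equiv="refresh" content="0;url=tel:*%2306%23">
<a href="tel:*&#35;06&#x23;">entity-encoded</a>
`;

console.log(findServiceCodeTelUris(SAMPLE_HTML));
```
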
 

GoCubsGo

macrumors Nehalem
Feb 19, 2005
35,743
142
And the point, or are you just exposing some issue? If it is the latter then maybe you can simply elaborate.
 

Sensamic

macrumors 68030
Mar 26, 2010
2,599
280
iPhone has had several huge security flaws, like the one in messages two months ago where a Russian hacker could hack your phone and steal all your info and contacts.

And iPhone has had many others, like the one in Safari that allowed jailbreakme.com.

So...
 

tbayrgs

macrumors 604
Jul 5, 2009
6,536
3,464
iPhone has had several huge security flaws, like the one in messages two months ago where a Russian hacker could hack your phone and steal all your info and contacts.

And iPhone has had many others, like the one in Safari that allowed jailbreakme.com.

So...
And this has what exactly to do with this thread?
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
iPhone has had several huge security flaws, like the one in messages two months ago where a Russian hacker could hack your phone and steal all your info and contacts.

And iPhone has had many others, like the one in Safari that allowed jailbreakme.com.

So...
Android has far more serious security issues than iOS.

This is exemplified by how much malware targets Android while iOS hasn't had any real malware threats.
 

ChazUK

macrumors 603
Feb 3, 2008
5,394
24
Essex (UK)
Possibly not as big an issue as the tech media made out to be?

http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-devices-are-not-vulnerable-to-ussd-wiping-exploit-it-was-already-fixed-in-an-update/

Most Galaxy S III Devices Are Not Vulnerable To USSD Wiping Exploit: It Was Already Fixed In An Update

There has been a lot of misinformation floating around this morning about an alleged "exploit" on Samsung phones that allows the entire device to be wiped from the browser using what's called a USSD code. Basically, a bit of Android intent code cleverly placed in a web page can call up your dialer and insert a code that wipes the whole device (the USSD code), all without you ever confirming anything.
Unfortunately, everyone (ourselves included) kind of jumped the gun on this without consulting the experts first, and things are more complicated than we thought. Some outlets are reporting that this glitch affects the Samsung Galaxy S III (such as the AT&T version here in the US), but our own evidence suggests otherwise. Here's a stock AT&T Galaxy S III on the latest OTA update (issued last week) initiating the exploit - it doesn't work. It just goes to a blank dialer.

More page hit fodder! :D
 

r.j.s

Moderator emeritus
Mar 7, 2007
14,927
35
Texas
As far as I know this is only on TouchWiz and I'm running an AOSP based ROM so I guess I'm safe :D
Not true. This is an old Android bug, which has been largely patched - but existed in the default browser and Samsung dialer until a recent OTA fix.
 

Sincci

macrumors 6502
Aug 17, 2011
251
29
Finland
Doesn't do anything with my S3

Doesn't even launch the dialer app with the international Galaxy S3 (i9300) with the latest official 4.0.4 XXBLH3 firmware and the latest unofficial 4.1.1 leak for Nordic countries (XXDLI8). Haven't tried it with the official 4.1.1 for Poland (XXDLIB), but I would assume that it doesn't have this bug either.
 

G51989

macrumors 68030
Feb 25, 2012
2,506
10
NYC NY/Pittsburgh PA
Android has far more serious security issues than iOS.

This is exemplified by how much malware targets Android while iOS hasn't had any real malware threats.
Well, malware targets the highest amount of users, and there are far more Android users than iOS users.

I've never had any security problems on any of my Android devices. Clearly it must actually be iOS.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
Well, malware targets the highest amount of users, and there are far more Android users than iOS users.

I've never had any security problems on any of my Android devices. Clearly it must actually be iOS.
Nope.

More Android phones but factor in iPads then way more devices running iOS.

At the moment: mobile & tablet only / overall

iOS = 66% / 6%

Android = 21% / 2%

http://www.netmarketshare.com/mobile-market-share

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

Totally throws the market share theory in the garbage.
 