
Summary:

Samsung is working fast to close a hole in its TouchWiz software for Android phones. The exploit uses HTML and phone diagnostic codes to automatically dial a number that can either wipe the data from or hard reset a Samsung phone.


Samsung is reacting quickly to this week’s news of an HTML exploit that can wipe the data or reset the company’s Android phones running Samsung TouchWiz to factory settings. On Tuesday, video of the exploit — which uses phone dialer codes — was shown on Samsung’s flagship phone, the Galaxy S III, but the issue applies to other Samsung devices as well. As a result, the company is quickly moving towards a fix that will be sent out as a software update, currently being tested.

According to The Verge, Samsung has issued the following statement:

We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.

Although Samsung is specifically mentioning the Galaxy S III, it’s likely working on a widespread fix. The problem lies with TouchWiz, which is Samsung’s user interface on all of its Galaxy phone devices. By tapping an HTML link with a phone number — in this particular case, a number that takes action on the phone — the TouchWiz dialer automatically opens and begins to dial. The feature is meant as a convenience for phone numbers that are HTML links, which is not uncommon for smartphones.
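As an added illustration (not code from the article or from Samsung), here is one way a content filter or site owner could flag phone-number links that carry dialer codes instead of ordinary numbers. It assumes such links use the standard `tel:` URI scheme and treats any target containing `*` or `#` as a code; the function names are hypothetical, and the sample markup is constructed around the harmless IMEI-display code `*#06#`.

```javascript
// Added example: flag tel: links in HTML whose target is a dialer code.
// Assumption: a "code" is any tel: target containing '*' or '#',
// whether written literally, percent-encoded, or as an HTML entity.

const ATTR_RE = /\b(href|src)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Turn a numeric code point into a character, ignoring out-of-range values.
const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Decode the HTML entities that can hide '#' and '*' inside an attribute.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&num;/gi, '#')
    .replace(/&ast;/gi, '*');
}

// Return every tel: target in the markup that contains '*' or '#'.
function findDialerCodeLinks(html) {
  const hits = [];
  for (const m of html.matchAll(ATTR_RE)) {
    const raw = m[2] || m[3] || m[4] || '';
    // Drop whitespace and control characters before checking the scheme.
    const uri = decodeEntities(raw).replace(/[\s\u0000-\u001f]/g, '');
    if (!/^tel:/i.test(uri)) continue;
    let number = uri.slice(4);
    try {
      number = decodeURIComponent(number); // '%23' -> '#', '%2A' -> '*'
    } catch (e) {
      // Malformed escape sequence: keep the raw text and test it as-is.
    }
    if (/[*#]/.test(number)) hits.push({ attr: m[1].toLowerCase(), number });
  }
  return hits;
}

// Constructed sample page: one ordinary number, two encoded codes, one web link.
const SAMPLE_HTML = `
<a href="tel:+15555550100">Call us</a>
<a href="tel:*%2306%23">Check status</a>
<a href='TEL:&#42;&#35;06&#35;'>Support</a>
<a href="https://example.com/#top">Home</a>
`;

for (const hit of findDialerCodeLinks(SAMPLE_HTML)) {
  console.log(`dialer code in ${hit.attr}: ${hit.number}`);
}
```

The ordinary phone number and the web link pass through; both encoded forms of the code are reported.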

  1. great, but OTA updates are controlled by the operator…

    1. True here in the U.S. and other regions, but in some areas, Samsung pushes out updates over the air or makes them user-downloadable through the Kies software. I also doubt a carrier would hold up a security update. ;)

  2. What about all their other products? I’ve reproduced the problem with a Samsung Galaxy S II and a Samsung Galaxy S – where are their updates?

    In the meantime – you can prevent such codes reaching the dialer with an app:

    https://play.google.com/store/apps/details?id=com.openmarket.protectsam

