26 Sep 2012

Dialing Flaw in Samsung Android Phones Can Trigger Factory Reset


Security researcher Ravi Borgaonkar from the Communications department at the Technical University of Berlin revealed a technical flaw that renders Samsung Galaxy S2 and S3 devices vulnerable to a complete remote wipe, reports cnet.com.

The discovery, presented at the Ekoparty security conference in Argentina last week, drew attention to the possibility of a single code embedded in a web link, a QR code, NFC connection or SMS triggering deletion of the user’s data from the targeted device. Borgaonkar also proved the same flaw can cause SIM cards to be blocked, which equals cutting device owners’ access to some of their phones’ features.

This kind of incident could be avoided if the device’s dialer allowed the code to be completed only after the user clicked a “send” button. It appears this is not the case with Samsung Android phones. "It's possible to exploit this attack only on Samsung devices," said Borgaonkar.

Though Samsung has not commented, the researcher’s findings will likely result in a patch release from the company. In the meantime, users can stay out of trouble by avoiding unknown URLs, NFC and QR codes.