Gaping Hole in TouchWiz UI is Wiping Samsung Androids Clean
September 25, 2012 11:28 AM
"Feature" was meant to make phone techs' lives easier, but turns out to be gaping security hole
One of the biggest to date was discovered this week, but not in Google Inc.'s Android OS itself. The vulnerability was found in Samsung Electronics Co., Ltd.'s TouchWiz UI and allows malicious users to direct unwitting Samsung Android owners to webpages with frames that contain a reset code to wipe their device clean.
Google has long grunted and grumbled about OEMs' desire to "skin" Android with custom UI experiences. It originally was looking to kill off the practice, but it has since relented, allowing TouchWiz UI and other custom Android UIs to persist.
The vulnerability in TouchWiz reportedly affects multiple devices including the best-selling Galaxy S II, plus many lesser-known Samsung handsets like the Galaxy Beam. The vulnerability involves sending the code *2767*3855# to the phone's dialer, which triggers a factory reset.
Samsung's Android build allows websites to contain the code <frame src="tel:..."> which auto-launches a call to a phone number when you click on the pertinent object. Using this vulnerability, the clickable wiping item could be hidden in all manner of website images or links.
The vulnerability was first discovered by Android enthusiast Pau Oliva (Note: contrary to his comment, the Galaxy S3 does not autocall the number, though this is the case on the S II).
Fortunately some newer Galaxy phones (such as the Galaxy S III) have a slightly toned down version of TouchWiz, which will only bring up the number in the dialer app, not automatically initiate the call. Hence while the reset code indeed works, the danger to the owners of certain Samsung phones is minimal given that they would have to accidentally hit the call button after the reset code came up to complete the wipe on those devices.
For owners of older devices, the call reportedly auto-initiates, leaving the user with no escape.
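The distinction drawn above (a tel: URI that carries a dialer service code, and whether it loads from a frame or needs a click) can be checked for in page content before it reaches a handset. The following is an added example, not code from the original article or from Samsung or Google; the names TelUriScanner, scan and should_block, the blocking policy, and the sample page with its placeholder codes are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

URL_ATTRS = ("src", "href")   # attributes that carry a URL
CLICK_TAGS = ("a", "area")    # followed only when the user activates them
SERVICE_CHARS = set("*#")     # appear in dialer service codes, not plain numbers

class TelUriScanner(HTMLParser):
    """Collect tel: URIs from a page and record how each would be triggered."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            url = value.strip()
            if not url.lower().startswith("tel:"):
                continue
            dialed = unquote(url[4:])  # undo percent-encoding: %2A -> *, %23 -> #
            self.findings.append({
                "tag": tag,
                "dialed": dialed,
                "service_code": bool(SERVICE_CHARS & set(dialed)),
                "needs_click": tag in CLICK_TAGS,
            })

def scan(html):
    parser = TelUriScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

def should_block(finding):
    # Assumed policy: a service code that loads without a click is never legitimate.
    return finding["service_code"] and not finding["needs_click"]

# Constructed sample page; the numbers and codes are made-up placeholders.
SAMPLE = """
<a href="tel:+15550100">Call support</a>
<a href="tel:*123%23">Check balance</a>
<frame src="TEL:%2A000%2A0000%23">
<iframe src="https://example.com/"></iframe>
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print("BLOCK" if should_block(f) else "allow", f)
```

A filtering proxy or a browser-side content filter could drop or rewrite the elements for which should_block returns True, while leaving ordinary click-to-call links intact.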
Samsung says it's "looking into" these reports.
Pau Oliva, a telecom engineer and Android enthusiast, first reported on the vulnerability via Twitter.
Pau Oliva [Twitter]