Feeds

Samsung slaps swift patch over phone-wiping Galaxy S III vuln

Smartmobe owners can bonk without fear again

Seven Steps to Software Security

Samsung has whipped out a fix for an embarrassing flaw in its smartphones that allows miscreants to wipe victims' phones with a simple web link. The South Korean electronics giant is pushing out the patch right now.

The Galaxy S III has a firmware update available that closes the security hole, and it can be picked up from an over-the-air download - and it may already be installed on many handsets.

Fixes for other Samsung phones should be expected soon although the manufacturer is being uncharacteristically taciturn about the details. But a rapid fix is always a good thing, especially as knowledge of the flaw spreads.

The existence of the problem was revealed at the Ekoparty 2012 hacking event over the weekend, and enables mischievous colleagues and vandalistic hackers to hard reset Samsung handsets with ease, wiping all the data and returning the phone to its factory state.

The TouchWiz phone dialling application, it seems, was responsible. The software responds to phone numbers delivered in a URL in the same way as those entered manually, allowing special codes to be entered and executed from a web link picked up by wireless NFC, embedded in a web page or read off a QR code.

Given the nature of the problem the quick fix isn't a surprise: a minor tweak to the dialler was all that's needed although Samsung still deserves credit for getting the patch deployed so quickly.

Users wanting to know if their fix has been applied can drop by Android Central, which has a benign example available, while those who want to live dangerously can follow these instructions and bet their data that Samsung has fixed the problem. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.