Feeds

Samsung slaps swift patch over phone-wiping Galaxy S III vuln

Smartmobe owners can bonk without fear again

Top three mobile application threats

Samsung has whipped out a fix for an embarrassing flaw in its smartphones that allows miscreants to wipe victims' phones with a simple web link. The South Korean electronics giant is pushing out the patch right now.

The Galaxy S III has a firmware update available that closes the security hole, and it can be picked up from an over-the-air download - and it may already be installed on many handsets.

Fixes for other Samsung phones should be expected soon although the manufacturer is being uncharacteristically taciturn about the details. But a rapid fix is always a good thing, especially as knowledge of the flaw spreads.

The existence of the problem was revealed at the Ekoparty 2012 hacking event over the weekend, and enables mischievous colleagues and vandalistic hackers to hard reset Samsung handsets with ease, wiping all the data and returning the phone to its factory state.

The TouchWiz phone dialling application, it seems, was responsible. The software responds to phone numbers delivered in a URL in the same way as those entered manually, allowing special codes to be entered and executed from a web link picked up by wireless NFC, embedded in a web page or read off a QR code.

Given the nature of the problem the quick fix isn't a surprise: a minor tweak to the dialler was all that's needed although Samsung still deserves credit for getting the patch deployed so quickly.

Users wanting to know if their fix has been applied can drop by Android Central, which has a benign example available, while those who want to live dangerously can follow these instructions and bet their data that Samsung has fixed the problem. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.