A Security Bug Allows Data Deletion on Samsung Galaxy Series Phones

All it takes is a code placed in a web page, in an NFC tag, anywhere: within a few seconds the entire contents of the phone are lost. It also works on the Galaxy SIII. A group of computer scientists has discovered a security flaw in which USSD codes can be used to erase some Samsung Galaxy series phones. By "erase" we mean a hard reset, that is, resetting the terminal to its factory-fresh state.

Samsung Galaxy series phones are affected by this security bug, specifically the models running the Android operating system with the custom TouchWiz interface. The flaw rests on a basic building block of Android programming called intents: the requests a user submits to the system about what they intend to do, which the system then acts on. It is similar to what happens when we share a file on Android and a list of options opens asking how we want to complete the action.

The flaw works because Android allows USSD codes to be entered through something as simple as a web link or from within an application (if the hacker gets permission to enter them). Worse, these USSD codes can also be delivered via NFC or a QR code, which makes the attack possible remotely. At the EkoParty security conference it was shown applying a "hard reset" to a Samsung phone using these methods. A video demonstrates this abuse of USSD codes.

There is video evidence, and there are confirmations of the hack: some Samsung phones fitted with the TouchWiz interface are vulnerable to an attack via USSD code (a protocol common to GSM mobile phones for managing some services remotely) that can affect the contents of your phone and even the SIM card. Though the acronym USSD will be unknown to most people, in India there are notable examples that explain what it is about: just think of the famous "* 123 #" from Wind, a code for checking the remaining credit on prepaid numbers. A code of 11 characters, hidden in the folds of a text message or a link, or in a QR code or NFC tag, can unstoppably delete the contents of the phone memory or even the SIM card, making the terminal unusable. The SIM card is within reach because the USSD protocol can interact with that information, for example to set a different service center for SMS.

Samsung has been asked from all sides for an explanation and, for the moment, is hiding behind the words "we are looking into." The question is not easy to settle, since there are conflicting opinions on the actual effectiveness of the attack: someone said he had not been able to replicate the behaviour described, perhaps because the device was rooted, but the matter still deserves further investigation. Among the devices at risk of being wiped are well-known and popular products such as the Advanced Galaxy S, the Galaxy Ace, and the Galaxy SII and SIII already mentioned. Owners of these devices need not worry too much: to counter the threat, just avoid clicking on links from sources that are not 100 percent reliable, and upgrade your terminal to the 4.1 release of Android (Jelly Bean) if and when it becomes available for your terminal by the end of the year. It would seem, in fact, that Samsung has solved the problem in the new builds that upgrade to the latest version of Google's mobile OS.
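The advice to avoid unreliable links can be backed by automated checking. The following added example (not part of the original article) scans HTML for links that would hand a USSD-style code to the dialer. It assumes the code reaches the dialer as a tel: URI, a scheme the article does not name; the function names and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes that can carry a URI, and tags whose URI loads without a tap.
URI_ATTRS = {"href", "src", "data", "action", "content"}
AUTOLOAD_TAGS = {"iframe", "frame", "img", "embed", "object", "script", "meta"}
TEL_RE = re.compile(r"\btel:([^\s\"'<>;]*)", re.IGNORECASE)


def is_service_code(dial_string):
    """True if a tel: dial string contains * or # after percent-decoding."""
    decoded = unquote(dial_string)
    return "*" in decoded or "#" in decoded


class TelLinkScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URI_ATTRS or not value:
                continue
            for match in TEL_RE.finditer(value):
                if is_service_code(match.group(1)):
                    self.findings.append({"tag": tag, "attr": name,
                        "dial": unquote(match.group(1)),
                        "autoload": tag in AUTOLOAD_TAGS})


def scan_html(html):
    scanner = TelLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; *123# is the balance-check code the article cites.
SAMPLE = """
<a href="tel:+911234567890">Call us</a>
<a href="tel:*123%23">Check balance</a>
<iframe src="tel:*123%23"></iframe>
<meta http-equiv="refresh" content="0;url=tel:%2A123%23">
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

Findings with autoload set to True deserve the most attention in a filter or review, because they do not wait for the user to tap anything.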


Bharatendu Biswal, an editor at Techibuzz, likes to write about the latest technologies, the latest mobile phones, PC games, Apple products and much more.

© 2013 Techibuzz. All rights reserved.