Linked by Thom Holwerda on Tue 25th Sep 2012 21:14 UTC, submitted by bowkota
PDAs, Cellphones, Wireless On the same day I bought a brand new iMac and switched back to Mac (no joke!), and teased the employees at the Apple retailer with my Galaxy SII, Samsung goes around and pulls something idiotic like this. TouchWiz, Samsung's Android skin, has a very severe flaw which passes digits along from JavaScript (via their modified browser) to the modified dialler, allowing your device to be factory reset (!) by just visiting a link - via NFC, QR, or plain. This doesn't affect all Samsung devices, but those that are affected are all TouchWiz devices. This just proves once again that you should either buy Nexus, or make the switch to Cyanogenmod (or any of the other AOSP-based ROMs).
Order by: Score:
someone
Member since:
2006-01-12

When a refresh is expected soon...

Reply Score: 2

Thom_Holwerda Member since:
2005-06-29

1) I need it now (work depends on it).
2) no early adopter issues.
3) those new ones can easily be 4-5-6 weeks away for Dutch folk. Can't go that long without income.
4) there's always something new right around the corner. I don't live my life based on that.

Yes, I had three computers die in a few months' time.

Reply Score: 3

kragil Member since:
2006-01-04

How about buying computers you can easily repair yourself? (makes sense when your work depends on it IMO)

Reply Score: 3

Neolander Member since:
2010-03-08

And, out of curiosity too, why switch back to Mac now ? Considering Apple's recent actions, it doesn't sound like the perfect timing to reward them with money.

Reply Score: 5

Another, simpler solution
by WereCatf on Tue 25th Sep 2012 21:36 UTC
WereCatf
Member since:
2006-02-15

Just use another browser. I've personally been using Opera for years and I see no reason whatsoever to switch. Especially so since I can't use CyanogenMod.

Reply Score: 1

RE: Another, simpler solution
by Windows Sucks on Tue 25th Sep 2012 21:45 UTC in reply to "Another, simpler solution"
Windows Sucks Member since:
2005-11-10

Just use another browser. I've personally been using Opera for years and I see no reason whatsoever to switch. Especially so since I can't use CyanogenMod.


?

The same goes for QR scans and NFC – Samsung’s TouchWiz UI makes the dialer automatically execute the sequence, which can potentially force a factory reset code onto your unsuspecting phone, and wipe your data.

It's not browser based..

This sucks because regular users have no clue how to use a ROM and almost no one buys nexus phones, Samsung barely markets theirs.

Reply Score: 1

RE[2]: Another, simpler solution
by darknexus on Tue 25th Sep 2012 21:53 UTC in reply to "RE: Another, simpler solution"
darknexus Member since:
2008-07-15

This sucks because regular users have no clue how to use a ROM and almost no one buys nexus phones, Samsung barely markets theirs.

Yeah, and we all know just how amazing Samsung is at providing security updates for their Android phones. </sarcasm>

Reply Score: 1

RE[3]: Another, simpler solution
by PieterGen on Tue 25th Sep 2012 22:01 UTC in reply to "RE[2]: Another, simpler solution"
PieterGen Member since:
2012-01-13

Indeed...

Reply Score: 1

Windows Sucks Member since:
2005-11-10

[q]Yeah, and we all know just how amazing Samsung is at providing security updates for their Android phones.


Or any updates for that matter.

Reply Score: 1

RE: Another, simpler solution
by darknexus on Tue 25th Sep 2012 21:49 UTC in reply to "Another, simpler solution"
darknexus Member since:
2008-07-15

Just use another browser.

In this case, I don't think another browser would help. If I understand the exploit correctly, Samsung's modified dialer is the issue here, not the browser itself. In other words, unless your browser does not do phone number detection (which will pass phone numbers to the dialer when clicked) then you can be hit by this no matter which browser you are using. There's no safety for this one if you're using one of these, except plain old common sense. The old rule still holds: If you suspect a malicious link, don't click it.

Reply Score: 1

RE[2]: Another, simpler solution
by phoudoin on Wed 26th Sep 2012 08:04 UTC in reply to "RE: Another, simpler solution"
phoudoin Member since:
2006-06-09

The old rule still holds: If you suspect a malicious link, don't click it.


Not safe enough : an URL can be resolved automatically without user interaction, like an HTML frame src URL, or a QRCode reader.
Or a RSS app: RSS Republic & co does it and, ironically, many android users actually notice the exploit news article and experience what it can do actually at the same times, thanks to their news feed app ;-).

Reply Score: 2

Touch Wiz must die
by PieterGen on Tue 25th Sep 2012 22:00 UTC
PieterGen
Member since:
2012-01-13

I recently bought a Samsung 7.7 Tab. I have a Galaxy Phone as well, which I rooted and put a custom ROM on long ago. I forgot how misarable and downright shitty Touchwiz is. It adds *nothing* to stock Android. Id be willing top pay 10 euro s more for a clean device so I would nt have the hassle of flashing and so on, to take off the unneeded bloat that.s called TouchWiz

Reply Score: 2

RE: Touch Wiz must die
by WorknMan on Wed 26th Sep 2012 01:15 UTC in reply to " Touch Wiz must die"
WorknMan Member since:
2005-11-13

Speaking of Touch Wiz, instead of this exploit wiping the entire phone, it's too bad it just doesn't wipe Touch Wiz off the device. Then they could charge money for the service ;) hehe

Reply Score: 3

RE[2]: Touch Wiz must die
by PieterGen on Wed 26th Sep 2012 08:06 UTC in reply to "RE: Touch Wiz must die"
PieterGen Member since:
2012-01-13

LOL. Maybe time for someone to develop the most beloved piece of malware known to man: TouchWizKilla ;-) Kills only Touchwiz but leaves the rest on"touched" :-)

Reply Score: 2

RE: Touch Wiz must die
by adkilla on Wed 26th Sep 2012 10:16 UTC in reply to " Touch Wiz must die"
adkilla Member since:
2005-07-07

TouchWiz is called CheezeWiz at times because it is the cheesiest of android customizations ever. When was the last time you've heard of MotoBlur or even SenseUI being this downright ridiculous?

Reply Score: 2

Comment by some1
by some1 on Wed 26th Sep 2012 00:34 UTC
some1
Member since:
2010-10-05

There are a lot of conflicting reports on this. From this Google's commit:
https://android.googlesource.com/platform/packages/apps/Contacts/+/3...
it seems like this was a stock Android dialer bug that was fixed in June. This is consistent with the claim here: http://securitywatch.pcmag.com/none/303097-dirty-ussd-hack-wipes-sa...
that it was reported to Samsung and Google in June.
There are reports that this fix was shipped in 4.0.4 and 4.1 stock builds and Samsung pushed OTA updates where it could. Of course, those using carrier-provided ROMs can be out of luck.

Reply Score: 3

RE: Comment by some1
by phoudoin on Wed 26th Sep 2012 07:56 UTC in reply to "Comment by some1"
phoudoin Member since:
2006-06-09

Indeed, the issue is most carrier-subsidized phones with custom ROM don't support them as they should, allowing such hole to be unfixed for months.

Unfortunatly, considering the price of a smartphone, many owners get a carrier-subsidized one...

Reply Score: 2

RE[2]: Comment by some1
by some1 on Wed 26th Sep 2012 12:26 UTC in reply to "RE: Comment by some1"
some1 Member since:
2010-10-05

Androidpolice says most US carriers likely pushed a fix last week: http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-dev...
This is for S3, don't know about other models.

Reply Score: 2

RE[3]: Comment by some1
by phoudoin on Wed 26th Sep 2012 12:35 UTC in reply to "RE[2]: Comment by some1"
phoudoin Member since:
2006-06-09

Androidpolice says most US carriers likely pushed a fix last week.


They didn't pushed a *fix*, but a full upgrade to Android 4.0.4 or sooner, which already include the fix.
I'll bet that they didn't even knew that the issue existed on the first place and that only this upgrade comes with the fix. May Jelly Bean was not ready to broadcast, I'm pretty sure no official fix will be available yet.

Reply Score: 2

RE[4]: Comment by some1
by some1 on Wed 26th Sep 2012 12:43 UTC in reply to "RE[3]: Comment by some1"
some1 Member since:
2010-10-05

Or maybe they knew. They rarely push updates at the same time otherwise. And who cares if this was one patch or 4.0.4 update, which is just a few patches itself. The point is that most S3s are already patched, even those with carrier ROMs.

Reply Score: 2

phoudoin
Member since:
2006-06-09

The root bug is in the stock Android Dialer app, and was fixed in 4.0.4. An hotfix patch was pushed toward custom ROMs makers, but it seems that phone markers were more busy polishing their custom look & feel than fixing venulverality holes.

Meanwhile, install and make it default TEL handler this proxy dialer quickly hacked by XDA developers last night:

https://play.google.com/store/apps/details?id=org.mulliner.telstop

Reply Score: 3

Like good old times
by Neolander on Wed 26th Sep 2012 14:09 UTC
Neolander
Member since:
2010-03-08

This reminds me of these iOS exploits that one used for jailbreaking back in the old days. You just opened a specially crafted web page or PDF document and boom ! Out came root access !

Seriously, mobile OS security is such a joke, I can only wonder why all the flaws of our beloved gadgets haven't been used for large-scale cyber-warfare yet.

Reply Score: 3