OSNews:

OSNews: http://www.osnews.com/story/26403/TouchWiz_exploit_factory_resets_some_Samsung_phones Exploring the Future of Computing en-us Copyright 2001-2013, David Adams adam+nospam@osnews.com Thu, 20 Jun 2013 06:30:25 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Eh... How come you are buying an iMac at this time? http://www.osnews.com/thread?536467 http://www.osnews.com/thread?536467 When a refresh is expected soon... Tue, 25 Sep 2012 21:24:00 GMT donotreply@osnews.com (someone) Comments RE: Eh... How come you are buying an iMac at this time? http://www.osnews.com/thread?536468 http://www.osnews.com/thread?536468 1) I need it now (work depends on it).
2) no early adopter issues.
3) those new ones can easily be 4-5-6 weeks away for Dutch folk. Can't go that long without income.
4) there's always something new right around the corner. I don't live my life based on that.

Yes, I had three computers die in a few months' time. Tue, 25 Sep 2012 21:28:00 GMT donotreply@osnews.com (Thom_Holwerda) Comments Another, simpler solution http://www.osnews.com/thread?536469 http://www.osnews.com/thread?536469 Just use another browser. I've personally been using Opera for years and I see no reason whatsoever to switch. Especially so since I can't use CyanogenMod. Tue, 25 Sep 2012 21:36:00 GMT donotreply@osnews.com (WereCatf) Comments RE: Another, simpler solution http://www.osnews.com/thread?536470 http://www.osnews.com/thread?536470

Just use another browser. I've personally been using Opera for years and I see no reason whatsoever to switch. Especially so since I can't use CyanogenMod.

?

The same goes for QR scans and NFC â" Samsungâs TouchWiz UI makes the dialer automatically execute the sequence, which can potentially force a factory reset code onto your unsuspecting phone, and wipe your data.

It's not browser based..

This sucks because regular users have no clue how to use a ROM and almost no one buys nexus phones, Samsung barely markets theirs. Tue, 25 Sep 2012 21:45:00 GMT donotreply@osnews.com (Windows Sucks) Comments RE: Another, simpler solution http://www.osnews.com/thread?536471 http://www.osnews.com/thread?536471

Just use another browser.

In this case, I don't think another browser would help. If I understand the exploit correctly, Samsung's modified dialer is the issue here, not the browser itself. In other words, unless your browser does not do phone number detection (which will pass phone numbers to the dialer when clicked) then you can be hit by this no matter which browser you are using. There's no safety for this one if you're using one of these, except plain old common sense. The old rule still holds: If you suspect a malicious link, don't click it. Tue, 25 Sep 2012 21:49:00 GMT donotreply@osnews.com (darknexus) Comments RE[2]: Another, simpler solution http://www.osnews.com/thread?536472 http://www.osnews.com/thread?536472

This sucks because regular users have no clue how to use a ROM and almost no one buys nexus phones, Samsung barely markets theirs.

Yeah, and we all know just how amazing Samsung is at providing security updates for their Android phones. Tue, 25 Sep 2012 21:53:00 GMT donotreply@osnews.com (darknexus) Comments Touch Wiz must die http://www.osnews.com/thread?536473 http://www.osnews.com/thread?536473 I recently bought a Samsung 7.7 Tab. I have a Galaxy Phone as well, which I rooted and put a custom ROM on long ago. I forgot how misarable and downright shitty Touchwiz is. It adds *nothing* to stock Android. Id be willing top pay 10 euro s more for a clean device so I would nt have the hassle of flashing and so on, to take off the unneeded bloat that.s called TouchWiz Tue, 25 Sep 2012 22:00:00 GMT donotreply@osnews.com (PieterGen) Comments RE[3]: Another, simpler solution http://www.osnews.com/thread?536474 http://www.osnews.com/thread?536474 Indeed... Tue, 25 Sep 2012 22:01:00 GMT donotreply@osnews.com (PieterGen) Comments RE[3]: Another, simpler solution http://www.osnews.com/thread?536475 http://www.osnews.com/thread?536475

[q]Yeah, and we all know just how amazing Samsung is at providing security updates for their Android phones.

Or any updates for that matter. Tue, 25 Sep 2012 22:32:00 GMT donotreply@osnews.com (Windows Sucks) Comments Comment by some1 http://www.osnews.com/thread?536481 http://www.osnews.com/thread?536481 There are a lot of conflicting reports on this. From this Google's commit:
https://android.googlesource.com/platform/packages/apps/Contacts/+/3...
it seems like this was a stock Android dialer bug that was fixed in June. This is consistent with the claim here: http://securitywatch.pcmag.com/none/303097-dirty-ussd-hack-wipes-sa...
that it was reported to Samsung and Google in June.
There are reports that this fix was shipped in 4.0.4 and 4.1 stock builds and Samsung pushed OTA updates where it could. Of course, those using carrier-provided ROMs can be out of luck. Wed, 26 Sep 2012 00:34:00 GMT donotreply@osnews.com (some1) Comments RE: Touch Wiz must die http://www.osnews.com/thread?536485 http://www.osnews.com/thread?536485 Speaking of Touch Wiz, instead of this exploit wiping the entire phone, it's too bad it just doesn't wipe Touch Wiz off the device. Then they could charge money for the service

hehe Wed, 26 Sep 2012 01:15:00 GMT donotreply@osnews.com (WorknMan) Comments RE[2]: Eh... How come you are buying an iMac at this time? http://www.osnews.com/thread?536498 http://www.osnews.com/thread?536498 How about buying computers you can easily repair yourself? (makes sense when your work depends on it IMO) Wed, 26 Sep 2012 05:11:00 GMT donotreply@osnews.com (kragil) Comments RE[2]: Eh... How come you are buying an iMac at this time? http://www.osnews.com/thread?536506 http://www.osnews.com/thread?536506 And, out of curiosity too, why switch back to Mac now ? Considering Apple's recent actions, it doesn't sound like the perfect timing to reward them with money. Wed, 26 Sep 2012 06:41:00 GMT donotreply@osnews.com (Neolander) Comments Not only Samsung, and not related to TouchWizz *at all* http://www.osnews.com/thread?536510 http://www.osnews.com/thread?536510 The root bug is in the stock Android Dialer app, and was fixed in 4.0.4. An hotfix patch was pushed toward custom ROMs makers, but it seems that phone markers were more busy polishing their custom look & feel than fixing venulverality holes.

Meanwhile, install and make it default TEL handler this proxy dialer quickly hacked by XDA developers last night:

https://play.google.com/store/apps/details?id=org.mulliner.telstop Wed, 26 Sep 2012 07:49:00 GMT donotreply@osnews.com (phoudoin) Comments RE: Comment by some1 http://www.osnews.com/thread?536511 http://www.osnews.com/thread?536511 Indeed, the issue is most carrier-subsidized phones with custom ROM don't support them as they should, allowing such hole to be unfixed for months.

Unfortunatly, considering the price of a smartphone, many owners get a carrier-subsidized one... Wed, 26 Sep 2012 07:56:00 GMT donotreply@osnews.com (phoudoin) Comments RE[2]: Another, simpler solution http://www.osnews.com/thread?536513 http://www.osnews.com/thread?536513

The old rule still holds: If you suspect a malicious link, don't click it.

Not safe enough : an URL can be resolved automatically without user interaction, like an HTML frame src URL, or a QRCode reader.
Or a RSS app: RSS Republic & co does it and, ironically, many android users actually notice the exploit news article and experience what it can do actually at the same times, thanks to their news feed app ;-). Wed, 26 Sep 2012 08:04:00 GMT donotreply@osnews.com (phoudoin) Comments RE[2]: Touch Wiz must die http://www.osnews.com/thread?536514 http://www.osnews.com/thread?536514 LOL. Maybe time for someone to develop the most beloved piece of malware known to man: TouchWizKilla ;-) Kills only Touchwiz but leaves the rest on"touched" :-) Wed, 26 Sep 2012 08:06:00 GMT donotreply@osnews.com (PieterGen) Comments RE: Touch Wiz must die http://www.osnews.com/thread?536524 http://www.osnews.com/thread?536524 TouchWiz is called CheezeWiz at times because it is the cheesiest of android customizations ever. When was the last time you've heard of MotoBlur or even SenseUI being this downright ridiculous? Wed, 26 Sep 2012 10:16:00 GMT donotreply@osnews.com (adkilla) Comments RE[2]: Comment by some1 http://www.osnews.com/thread?536532 http://www.osnews.com/thread?536532 Androidpolice says most US carriers likely pushed a fix last week: http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-dev...
This is for S3, don't know about other models. Wed, 26 Sep 2012 12:26:00 GMT donotreply@osnews.com (some1) Comments RE[3]: Comment by some1 http://www.osnews.com/thread?536533 http://www.osnews.com/thread?536533

Androidpolice says most US carriers likely pushed a fix last week.

They didn't pushed a *fix*, but a full upgrade to Android 4.0.4 or sooner, which already include the fix.
I'll bet that they didn't even knew that the issue existed on the first place and that only this upgrade comes with the fix. May Jelly Bean was not ready to broadcast, I'm pretty sure no official fix will be available yet. Wed, 26 Sep 2012 12:35:00 GMT donotreply@osnews.com (phoudoin) Comments RE[4]: Comment by some1 http://www.osnews.com/thread?536537 http://www.osnews.com/thread?536537 Or maybe they knew. They rarely push updates at the same time otherwise. And who cares if this was one patch or 4.0.4 update, which is just a few patches itself. The point is that most S3s are already patched, even those with carrier ROMs. Wed, 26 Sep 2012 12:43:00 GMT donotreply@osnews.com (some1) Comments Like good old times http://www.osnews.com/thread?536542 http://www.osnews.com/thread?536542 This reminds me of these iOS exploits that one used for jailbreaking back in the old days. You just opened a specially crafted web page or PDF document and boom ! Out came root access !

Seriously, mobile OS security is such a joke, I can only wonder why all the flaws of our beloved gadgets haven't been used for large-scale cyber-warfare yet. Wed, 26 Sep 2012 14:09:00 GMT donotreply@osnews.com (Neolander) Comments