Linked by Thom Holwerda on Tue 25th Sep 2012 21:14 UTC, submitted by bowkota
PDAs, Cellphones, Wireless On the same day I bought a brand new iMac and switched back to Mac (no joke!), and teased the employees at the Apple retailer with my Galaxy SII, Samsung goes around and pulls something idiotic like this. TouchWiz, Samsung's Android skin, has a very severe flaw which passes digits along from JavaScript (via their modified browser) to the modified dialler, allowing your device to be factory reset (!) by just visiting a link - via NFC, QR, or plain. This doesn't affect all Samsung devices, but those that are affected are all TouchWiz devices. This just proves once again that you should either buy Nexus, or make the switch to Cyanogenmod (or any of the other AOSP-based ROMs).
Thread beginning with comment 536481
To read all comments associated with this story, please click here.
Comment by some1
by some1 on Wed 26th Sep 2012 00:34 UTC
Member since:

There are a lot of conflicting reports on this. From this Google's commit:
it seems like this was a stock Android dialer bug that was fixed in June. This is consistent with the claim here:
that it was reported to Samsung and Google in June.
There are reports that this fix was shipped in 4.0.4 and 4.1 stock builds and Samsung pushed OTA updates where it could. Of course, those using carrier-provided ROMs can be out of luck.

Reply Score: 3

RE: Comment by some1
by phoudoin on Wed 26th Sep 2012 07:56 in reply to "Comment by some1"
phoudoin Member since:

Indeed, the issue is most carrier-subsidized phones with custom ROM don't support them as they should, allowing such hole to be unfixed for months.

Unfortunatly, considering the price of a smartphone, many owners get a carrier-subsidized one...

Reply Parent Score: 2

RE[2]: Comment by some1
by some1 on Wed 26th Sep 2012 12:26 in reply to "RE: Comment by some1"
some1 Member since:

Androidpolice says most US carriers likely pushed a fix last week:
This is for S3, don't know about other models.

Reply Parent Score: 2