Samsung released Galaxy S3 bug fixes and researchers offer fix for other models
Given the amount of details we all keep on our mobile phones, it’s no wonder that the lately confirmed Samsung Galaxy S3 remote data-wipe hack into has created some rumors.
Reports that Galaxy S2, Universe Beam, S Advance, and Galaxy Ace are also insecure have been taking up.
The totally reset to the manufacturer configurations and wipe clean of the contents is obtained via an easy USSD (Unstructured Supplementary Service Data) value sent to it via an exclusively designed web site or QR code, aided by NFC, or even via a remote activated phone call to the exclusively designed web site via WAP push messages.
Samsung has pushed out a fix for the Galaxy S3 phones yesterday, but there is still no news on when the fixes for the other phones will be made available.
In the meantime, two researchers have created applications that deflect the attack. Collin Mulliner, a researcher with Boston’s Northeastern University’s SECLAB, has offered the TelStop app, and Joerg Voss has developed and published NoTelURL - both of which install an additional TEL URL handlers, pop up a warning when the user is faced with a TEL link and then ask whether he wants to follow it.
Users who want to known whether their phone is vulnerable to the attack can surf to a “USSD Check” page set up by H-Online, which has embedded a command that asks the phone to display its serial number (IMEI). If it does so without asking for permission, the phone can be remotely wiped without the user’s consent.