Thursday, September 27, 2012

Samsung TouchWiz Warning: Bad Link Can Wipe Your Phone

At the Ekoparty security conference, Ravi Borgaonkar demonstrated a scary issue that can affect Samsung phones running the TouchWiz software (which includes the uber-popular Galaxy SIII and most other Samsung Droids). When a user clicks a bad link, Samsung’s TouchWiz phone dialer executes a total data wipe, clearing the phone completely and even damaging the SIM (which is much worse than a simple "factory reset" of the data on the phone). These "wipe" codes are typically used to register a phone on a network or perform other diagnostics; the issue is that the TouchWiz software automatically dials the code when the link is tapped.

Check out Borgaonkar's demo of the problem:

Samsung is working on a patch that will prevent the TouchWiz software from auto-dialing the code, which will solve the problem. In the meantime, Samsung smartphone users should be very careful about the links they're clicking!