Remote reset and wipe threat for Samsung Galaxy SIII users discovered
A worryingly simple way of remotely resetting and wiping all data from a Samsung Galaxy SIII has been discovered by a developer and security engineer.
Samsung has always employed a code to factory reset its phones, which can be entered like a telephone number and called using the dialler or phone application. However, the code for the Galaxy SIII can be remotely triggered by visiting a website or clicking a link in an SMS or MMS message; something that should not be possible.
The hack was demonstrated at the recent Ekoparty security conference, and was tweeted by security engineer Pau Oliva, where the news spread like wildfire. The code, which is *2767*3855#, can be implemented in a number of different ways, which could lead to malicious websites or services tricking S3 users into wiping their phones back to factory settings.
Oliva even posted the short piece of coding which would need to be added to a website or SMS push message in order to wipe the phone. This code could easily be anchored to some harmless text, such as “click here for more info”, and when the user clicks it will trigger the factory reset function of the phone.
Alternatively, the code can be implemented into QR codes and possibly even NFC tags. Once loaded up, a Samsung user who scans the tag or code would be directed to a website, triggering the reset code.
What’s even more concerning is that there is no user confirmation required for the reset to take place. When doing a factory reset through the phone’s settings menu, you would be prompted to confirm you want to wipe all data, whereas the phone will wipe as soon as the code is clicked.
On their own, these codes are usually reserved for engineers or repair agents in order to quickly wipe a phone before fixing it. As such, the codes can be similar on phones in the same range. Unfortunately this means that other Samsung Android phones with the TouchWiz user interface are also susceptible, and so far the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II have been tested and confirmed to be at risk.
For now we would advise to set any NFC or QR code reader app that you use to not automatically load the page when scanned. Most apps give an option to review the link first, which would be the best course of action. Hopefully Samsung will take notice of this and get a software update out to patch the issue as soon as possible.