With the advancement of mobile technology in recent years has seen more of us relying on our smartphones or other devices that are used for all manner of things including online banking. Now some worrying news has come to light as the popular Samsung Galaxy S3 is threatened with a remote hack USSD code.
We get to hear of a number of different security risks associated with mobile devices, and SlashGear are reporting that a single line of code can set off a full factory reset of the Galaxy S3. This information has come to light after some security researchers found the risk of malicious websites clearing user’s handsets.
While at the Ekoparty security conference the issues was showcased by Ravi Borgaonkar, and the USSD code that could be sent via a website or even sent to devices by NFC or triggered by a QR code, can activate a full factory reset on the Galaxy S3 and other handsets from the company.
Owners of the handset would be able to see the reset taking place, but they will not be able to prevent the reset starting. While the code sent via QR readers or NFC tags the user would get no warning of the reset taking place, and in turn no chance from preventing their smartphone from running malicious code.
It seems the problem only affects handsets that run the Samsung TouchWiz Android overlay, and basic Android only highlighting the code via the dialler screen while not running it automatically. Trouble is though the Samsung default mode is to dial the code automatically.
Even more worrying is the concern that the attack can be increased so a USSD code can be used to kill the SIM card being used by the handset, so a single message can not only wipe the handset, but leave the owner with a useless SIM card as well.
It has also been found that it is possible to make Samsung smartphones go to a malicious website containing the code via a WAP=push SMS message. This issue has also been found to affect the Samsung Galaxy S2, Galaxy S Advance, Galaxy Ace, and Galaxy Beam.
Owners of the affected handsets are advised to disenable automatic side loading for any QR or NFC reader apps that are being used, and obviously don’t click on any website links that are not trusted. There has been some reports though that the USSD code problem has been patched on some versions of the Galaxy S3, with the AT&T version and European model reportedly fixed.
Are you concerned about your smartphone being hacked?