Samsung's TouchWiz vulnerable to one-click data wipe or reset attack (video)

Samsung's TouchWiz vulnerable to one-click data wipe or reset attack (video)
Over at the Ekoparty security conference, Ravi Borgaonkar presented a session titled “Dirty use of USSD Codes in Cellular Network”, and what do you think was used for the demonstration?

Samsung Androids with TouchWiz, of all things. The guy demoed how a single line of HTML code can wipe the data on such handsets if you click it, since TouchWiz has a feature that automatically dials a code when a link is tapped.

The same goes for QR scans and NFC - Samsung's TouchWiz UI makes the dialer automatically execute the sequence, which can potentially force a factory reset code onto your unsuspecting phone, and wipe your data. Here is a video demonstrating the theoretical disaster.

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless