The Latest news to surface the web is about Samsung TouchWiz User interface and how a possible flaw in the way the UI interacts with USSD codes leaves the device vulnerable to attackers. The possible damage that an attacker could cause to devices such as Galaxy S Advance, Galaxy S2, Galaxy S3, Galaxy Ace and Galaxy Beam is endless.
The devices mentioned are the only ones that have been confirmed to be affected by this particular Flaw. The attacker can cause a proper Factory Reset simply through sending a simple link or uploading it to a website and having the user click on it using the device. Ravi Borgaonkar is the man responsible for discovering and portraying this flaw at the Ekoparty Security Conference.
The possibility of what a simple code could do to your handset is mind boggling. All an attacker has to do basically is enter a code with the proper dialer instructions to cause the phone to wipe all data or block the SIM otherwise and make it unusable.
The code could be send through an NFC beam connection. Basically the existence of this flaw in the User Interface makes the devices mentioned vulnerable to all sorts of attacks.
When a latest Samsung Galaxy S3 was tested with this particular code it didn’t exactly execute what is portrayed by Ravi however it should be noted that this particular S3 was running the Jelly Bean (Android) 4.1 Software.
And the one that Ravi Borgaonkar tested on was running the 4.0 version so there is always the possibility that the bug has been fixed in their latest update. Whatever the outcome of how popular this particular hack gets or how many people it manages to become a nuisance to, Samsung has not officially mentioned anything about the flaw or its fix.
[Via]
