advertisement
Filtered By: Scitech
SciTech

Samsung patches smartphone NFC reset glitch


Owners of two Samsung Galaxy smartphone models may have to be extra careful when going online or exchanging data via near-field communications (NFC) —or even getting some text messages— lest their phones be wiped of their personal data, a tech site reported.
 
A report on CNET said a code that could trigger a factory reset on the handsets, where a user's data could be wiped, is making the rounds on the Internet.
 
But as of Wednesday night (Manila time), The Verge said Samsung issued a fix for the reset vulnerability.
 
"While Samsung hasn't specified the particular software version (or given any assurances for devices other than its flagship Galaxy S III), it encourages all affected users to update their phones to the latest software available over-the-air. That should keep you safe from the dangers of inadvertently wiping your GS III, though the fate of the other TouchWiz devices in Samsung's portfolio remains unclear," it said.
 
The CNET report said Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, indicated the code may affect the Samsung Galaxy S2 and S3.
 
"It's possible to exploit this attack only on Samsung devices," CNET quoted him as saying, adding that for now, Samsung appears to be the only Android smartphone maker affected by the flaw.
 
For now, attacks can be staved off by disabling "service loading" in settings and disabling QR code and NFC apps, CNET quoted Borgaonkar as saying.
 
Borgaonkar said the flaw involves Samsung's TouchWiz, which interacts with "unstructured supplementary service data (USSD) codes," which execute commands on the handset's keypad.
 
Unlike most dialers that require the user to press "Send" to complete the code, Samsung's does not, Borgaonkar said.
 
Borgaonkar demonstrated the flaw at the Ekoparty security conference in Argentina last week, CNET said.
 
His demo indicated the code can be triggered via a Web link, QR code, NFC connection, or even SMS. The code need not ask the owner's permission to wipe the device.
 
On the other hand, the flaw also allows an attacker to lock the SIM card. — TJD, GMA News
LOADING CONTENT