Samsung Fixes Remote Reset USSD Exploit on Galaxy S III; Third-party Apps for Other TouchWiz Devices Available!

Quickly following yesterday's revelation by a security researcher from the Berlin Technical University that the Samsung Galaxy S III, the Galaxy S2 and a number of other Samsung smartphones running the TouchWiz interface are vulnerable to an exploit that can remotely factory reset a user's smartphone through a USSD TEL code, Samsung delivered a software update and confirmed that the remote reset exploit has "already been resolved."

"Claiming to have used codes for Unstructured Supplementary Service Data (USSD), a session-based GSM protocol typically used to send messages between a mobile device and an application server," Borgaonkar remotely wiped a Samsung Galaxy S III on stage at the Ekoparty Security Conference in Buenos Aires, Argentina.

He pointed out that multiple services beyond system software currently use the USSD protocol, including social networking, mobile carrier billing, and, most unsettling of all, mobile banking.

The USSD TEL code can be delivered to the target device via a website, SMS, WAP push, NFC tag, or QR code that leads to a maliciously crafted HTML document containing the simple eleven-character code, which wipes the phone without any prompt that would let the user intervene.

Samsung in its official statement said, "We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service."

The company didn't mention other affected devices, including the Galaxy S II, Galaxy Beam or Galaxy Ace, suggesting that the vulnerability is still active in the most up-to-date OS versions on these devices. However, Samsung Belgium stated via Twitter that a firmware fix is in the works for the Galaxy S II; no time frame was mentioned, other than that it will be an OTA update.

If you are not sure whether your phone is vulnerable, you can test it using the link here in your Samsung phone's stock browser. "If nothing happens, or the dialer appears but doesn't display your IMEI, you're probably safe. Or, if your dialer appears and brings up your IMEI number, you may be vulnerable," AndroidCentral said.

If your device is affected, you can patch it with a third-party app called "Dialer One", available from Google Play, until the official Samsung software update arrives.

TelStop offers a second option for all 'unpatched' TouchWiz devices. Once it is installed, whenever a USSD TEL code is used it lets you select the application that handles it rather than passing it to the Phone app by default, meaning you can intervene before it's too late. You can download TelStop here.
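The check behind this kind of interception can also be run over page content before it reaches a handset, for example in a web proxy or a link scanner. The following is an added example, not TelStop's or Samsung's code: it flags every `tel:` URI in an HTML document whose dial string contains `*` or `#`, the characters that turn a phone number into a USSD/MMI code. The function names and the sample page are assumptions made for illustration, and the sample uses only the standard display-IMEI code.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

MMI_CHARS = set("*#")  # characters that mark a dial string as a USSD/MMI code

def is_ussd_tel_uri(value):
    """True if value is a tel: URI whose decoded dial string contains * or #."""
    value = value.strip()
    if not value.lower().startswith("tel:"):
        return False
    dial_string = unquote(value[4:])  # %23 decodes to '#', %2A to '*'
    return any(ch in MMI_CHARS for ch in dial_string)

class TelUriScanner(HTMLParser):
    """Collects (tag, attribute, value) for each tel: URI carrying a USSD/MMI code."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Inspect every attribute, so any URL-bearing attribute is covered.
        for name, value in attrs:
            if value and is_ussd_tel_uri(value):
                self.findings.append((tag, name, value))

def scan_html(document):
    """Return the list of findings for one HTML document."""
    scanner = TelUriScanner()
    scanner.feed(document)
    scanner.close()
    return scanner.findings

# Constructed sample page: an ordinary phone link, a link carrying the
# display-IMEI code *#06# in percent-encoded form, and a normal web link.
SAMPLE = """
<html><body>
<a href="tel:+15555550100">Call support</a>
<a href="TEL:*%2306%23">Show IMEI</a>
<a href="https://example.com/#top">Top</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, value in scan_html(SAMPLE):
        print(f"hold for confirmation: <{tag} {attr}={value!r}>")
```

Ordinary phone numbers pass through untouched; only dial strings that decode to a USSD/MMI code are held, which is the point at which a user or filter can intervene.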
