Posted by on 25 September 2012 at 14:09

Galaxy S II and Galaxy Advance can be wiped by just clicking a link

Follow: Phones Phones

Over at the Ekoparty security conference, Ravi Borgaonkar presented a session titled “Dirty use of USSD Codes in Cellular Network”.
Ravi Borgaonkar presented a session with Samsung’s Galaxy devices based on Samsung’s own Touch-Wiz interface.
Thanks to some missing code the Galaxy S II and Galaxy Advance both devices are easy to factory reset.
Mr Ravi Borgaonkar demonstrated this on a Galaxy S II and a Galaxy Advance.
You just click on a link and BOOM! factory reset starts and you can’t stop it!
The same goes for QR scans and NFC – Samsung’s TouchWiz UI makes the dialer automatically execute the sequence, which can potentially force a factory reset code onto your unsuspecting phone, and wipe your data.

Samsung did not give any comment on this yet.

We of SamMobile will not give any kind of  direct link of  this code!
Galaxy S II and Galaxy Advance owners please take care for tricky links!
And yes this is not some HOAX couple of websites tried out already.

For more details please view the movie below…

via

Related Posts:

  • No Related Posts

16 comments on “Galaxy S II and Galaxy Advance can be wiped by just clicking a link

  1. descargaasaco on said:

    My phone was stolen and the stupid thief is using my whatsapp account (at least reading the messages).
    What’s the USSD code? I want to know it so I can format my stolen phone

    Report this comment

  2. madushan92 on said:

    Yeah, this is true. Happened to my Galaxy S I (i9000) before. Just dial the number and reset starts in a flash. You CANNOT stop it. What you can only do is just to look at the display which says “Formatting data”.

    Damn it

    Report this comment

  3. blueisland on said:

    why on other news like that of gsmarena includes s3 on their report?

    Report this comment

  4. sorg on said:

    LOL.
    Those guys don’t understand what they are talking about. They even cannot setup display time out (LOL from looking at that guy waking up pnone every 10 seconds :) ).
    This is NOT security flaw, because no one will get your data. This is part of mobile tracker feature helping you to find lost phone or wipe it if you cannot get it back.
    You cannot simply send generic SMS or network command because you need to know some phone specific data, like IMEI or S/N (or both of them).
    You won’t be able to wipe someone’s samsung phone just knowing his/her phone number.

    As far as i know, iPhone has the same feature.

    Report this comment

  5. User-Inside on said:

    I disagree with comment number2 on my S2 i9100 I’ve stopped it withe the “go back” key on the right side

    Report this comment

  6. Deciduous Sprue on said:

    Samsung already fixed this. As long as your firmware is up to date, there isn’t an issue.

    Report this comment

  7. Androiddevil on said:

    I’ve found a temporary solution. it costs $ 10 but it works.
    you can download the Fsecure app in the play store.
    And use the fsecure safe browser as your Default Browser.

    Report this comment

  8. enissayas on said:

    @Adroiddevil
    or you can simply use chrome or any other free non-stock browser
    or yo could make sure to update your phone via OTA ( after checking my S2 with XXLPX and my S3 with XXBLG8 i’m confirm that the problem have been quietly solved by Sammy)

    Ps: accroding to other sources (Androidpolice) the USSD bug foes not only concern Samsung but all android devices… according to them HTC is also vulnerable ( with the addition that they didn’t even try to patch it). Sammy did its job without saying a word, i guess they didn’t want to alarm us. It could be worse you could be using an LG or any other company that never patch its phones.

    Report this comment

  9. ialeixo on said:

    The accent of that guy is awful and the sound quality doesn’t help….I didn’t understand anything……

    Report this comment

  10. Dead Silence on said:

    “Samsung already fixed this. As long as your firmware is up to date, there isn’t an issue.”.

    Yip, but my phone has the eMMC bug and I don’t want to brick it going to ICS 4.0.4.

    Report this comment

  11. tadiboyinasudhakar on said:

    nothing is like tat. n it cany happen

    Report this comment

  12. member on said:

    All background info regarding the Samsung USSD hack, some simple tests and how to disable it can be found here: http://www.wipemygalaxy.com

    Report this comment

  13. pavel_levchuk on said:

    I just tested this issue on my Galaxy S3 with Jelly Bean (I9300XXDLIB).

    Yes, when I am clicking on dangerous link Dial Pad is launched.
    NO, USSD code does not run.

    Report this comment

  14. Androiddevil on said:

    @enissayas
    I have a Galaxy S Advance and there is no update available. En Chrome is no option for this phone Because it runs on Android 2.3.6. i am waiting for an update for this phone.
    there are not so many custom ROMs available

    Report this comment

  15. kizinew on said:

    Need a Jelly Bean stock rom for GT-I9100G. how long time?
    Boyis

    Report this comment

  16. PLANET on said:

    Install TelStop. No more auto-links in browser :) As for JB for S2, I’m also waiting for it. Prolly no more than 2 months.

    Report this comment

Leave a Reply

Compare specifications
SamMobile
© 2013 SamMobile.com  |  Privacy & Cookies  |  Find us on Facebook, Google+ and Twitter