Galaxy S II and Galaxy Advance can be wiped by just clicking a link

Over at the Ekoparty security conference, Ravi Borgaonkar presented a session titled “Dirty use of USSD Codes in Cellular Network”.
The session focused on Samsung’s Galaxy devices running Samsung’s own TouchWiz interface.
Thanks to some missing code, both the Galaxy S II and the Galaxy Advance are easy to factory reset.
Mr Ravi Borgaonkar demonstrated this on a Galaxy S II and a Galaxy Advance.
You just click on a link and BOOM! The factory reset starts and you can’t stop it!
The same goes for QR scans and NFC – Samsung’s TouchWiz UI makes the dialer automatically execute the sequence, which can potentially force a factory reset code onto your unsuspecting phone, and wipe your data.
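
The behaviour described above comes down to the dialer receiving a `tel:` URI from a link, QR code or NFC tag and running it without asking. As an added example (not from the original post or from Samsung), this JavaScript check sorts such URIs into plain phone numbers and USSD/MMI sequences before anything is handed to a dialer; the function names and sample URIs are constructed, and `*#06#` is the harmless show-IMEI code.

```javascript
'use strict';

// Decode until the string stops changing, so a double-encoded "%2523"
// cannot hide a '#'. Returns null on malformed or endlessly nested escapes.
function fullyDecode(s, maxRounds = 5) {
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch (e) { return null; }
    if (next === s) return s;
    s = next;
  }
  return null;
}

// Classify a URI taken from a link, QR code or NFC tag.
// Only a bare phone number is allowed through to the dialer.
function classifyTelUri(uri) {
  const m = /^\s*tel:([\s\S]*)$/i.exec(uri);
  if (!m) return { verdict: 'not-tel' };
  const decoded = fullyDecode(m[1].trim());
  if (decoded === null) return { verdict: 'block', reason: 'malformed encoding' };
  // '*' or '#' anywhere marks a USSD/MMI sequence, not a phone number.
  if (/[*#]/.test(decoded)) return { verdict: 'block', reason: 'USSD/MMI sequence' };
  // Strip visual separators only; pause/wait characters and parameters
  // are deliberately rejected in this conservative sketch.
  const number = decoded.replace(/[\s().-]/g, '');
  if (/^\+?\d+$/.test(number)) return { verdict: 'allow', number };
  return { verdict: 'block', reason: 'unexpected characters' };
}

// Constructed sample inputs (not taken from the talk or the post).
const SAMPLES = [
  'tel:+31201234567',      // ordinary number
  'tel:(020) 123-4567',    // number with separators
  'tel:*%2306%23',         // *#06# with '#' percent-encoded
  'TEL:%2A%252306%2523',   // same code, double-encoded
  'tel:%zz',               // broken escape
  'https://example.com/',  // not a tel: URI
];

function triage(uris) {
  return uris.map((u) => ({ uri: u, ...classifyTelUri(u) }));
}

for (const r of triage(SAMPLES)) console.log(r.verdict.padEnd(8), r.uri, r.reason || '');
```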

Samsung has not commented on this yet.

We at SamMobile will not give any kind of direct link to this code!
Galaxy S II and Galaxy Advance owners, please watch out for tricky links!
And yes, this is not a hoax: a couple of websites have already tried it out.

For more details please view the movie below…

16 Comments



PLANET
2 years 11 months ago

Install TelStop. No more auto-links in browser :) As for JB for S2, I’m also waiting for it. Prolly no more than 2 months.

kizinew
2 years 11 months ago

Need a Jelly Bean stock ROM for GT-I9100G. How long will it take?
Boyis

Androiddevil
2 years 11 months ago

@enissayas
I have a Galaxy S Advance and there is no update available. And Chrome is no option for this phone because it runs on Android 2.3.6. I am waiting for an update for this phone.
There are not so many custom ROMs available.

pavel_levchuk
2 years 11 months ago

I just tested this issue on my Galaxy S3 with Jelly Bean (I9300XXDLIB).

Yes, when I click on the dangerous link, the Dial Pad is launched.
NO, the USSD code does not run.

member
2 years 11 months ago

All background info regarding the Samsung USSD hack, some simple tests and how to disable it can be found here: http://www.wipemygalaxy.com

tadiboyinasudhakar
2 years 11 months ago

Nothing is like that, and it can’t happen.

Dead Silence
2 years 11 months ago

“Samsung already fixed this. As long as your firmware is up to date, there isn’t an issue.”

Yip, but my phone has the eMMC bug and I don’t want to brick it going to ICS 4.0.4.

ialeixo
2 years 11 months ago

The accent of that guy is awful and the sound quality doesn’t help….I didn’t understand anything……

enissayas
2 years 11 months ago

@Androiddevil
Or you can simply use Chrome or any other free non-stock browser,
or you could make sure to update your phone via OTA (after checking my S2 with XXLPX and my S3 with XXBLG8, I can confirm that the problem has been quietly solved by Sammy).

PS: according to other sources (Androidpolice), the USSD bug does not only concern Samsung but all Android devices… According to them HTC is also vulnerable (with the addition that they didn’t even try to patch it). Sammy did its job without saying a word; I guess they didn’t want to alarm us. It could be worse: you could be using an LG or any other company that never patches its phones.

Androiddevil
2 years 11 months ago

I’ve found a temporary solution. It costs $10 but it works.
You can download the F-Secure app in the Play Store
and use the F-Secure safe browser as your default browser.

Deciduous Sprue
2 years 11 months ago

Samsung already fixed this. As long as your firmware is up to date, there isn’t an issue.

User-Inside
2 years 11 months ago

I disagree with comment number 2: on my S2 i9100 I’ve stopped it with the “go back” key on the right side.

sorg
2 years 11 months ago

LOL.
Those guys don’t understand what they are talking about. They cannot even set up the display timeout (LOL from looking at that guy waking up the phone every 10 seconds :)).
This is NOT a security flaw, because no one will get your data. This is part of the mobile tracker feature, helping you to find a lost phone or wipe it if you cannot get it back.
You cannot simply send a generic SMS or network command because you need to know some phone-specific data, like the IMEI or S/N (or both of them).
You won’t be able to wipe someone’s Samsung phone just knowing his/her phone number.

As far as I know, iPhone has the same feature.

blueisland
2 years 11 months ago

Why do other news sites like GSMArena include the S3 in their reports?

madushan92
2 years 11 months ago

Yeah, this is true. Happened to my Galaxy S I (i9000) before. Just dial the number and reset starts in a flash. You CANNOT stop it. What you can only do is just to look at the display which says “Formatting data”.

Damn it

descargaasaco
2 years 11 months ago

My phone was stolen and the stupid thief is using my whatsapp account (at least reading the messages).
What’s the USSD code? I want to know it so I can format my stolen phone

 