Galaxy S II and Galaxy Advance can be wiped by just clicking a link

At the Ekoparty security conference, Ravi Borgaonkar presented a session titled “Dirty use of USSD Codes in Cellular Network”.
The session covered Samsung’s Galaxy devices running Samsung’s own TouchWiz interface.
Thanks to some missing code, both the Galaxy S II and the Galaxy Advance are easy to factory reset.
Mr Ravi Borgaonkar demonstrated this on a Galaxy S II and a Galaxy Advance.
You just click on a link and BOOM! The factory reset starts and you can’t stop it!
The same goes for QR scans and NFC – Samsung’s TouchWiz UI makes the dialer automatically execute the sequence, which can potentially force a factory reset code onto your unsuspecting phone, and wipe your data.

Samsung has not commented on this yet.

We at SamMobile will not give any kind of direct link to this code!
Galaxy S II and Galaxy Advance owners, please watch out for tricky links!
And yes, this is not a hoax: a couple of websites have already tried it out.

For more details please view the movie below…
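
The behaviour described above (a dial sequence arriving through a link, QR scan or NFC tag and being run without confirmation) is what a handler-side check prevents. As an added example, not SamMobile's or Samsung's code: a JavaScript function that classifies a `tel:` URI before anything reaches the dialer. The `tel:` scheme as the carrier, the function name, the action names and the sample URIs are assumptions of this example; `*#06#` is the standard, harmless IMEI-display code.

```javascript
// Added example (hypothetical names): decide what to do with a tel: URI
// received from a link, QR payload or NFC record. Nothing is ever executed
// automatically; the result only says how the handler should proceed.

// A plain phone number: optional "+", digits and visual separators only.
const PLAIN_NUMBER = /^\+?[0-9().\-\s]+$/;

function classifyTelUri(uri) {
  if (typeof uri !== "string" || !/^tel:/i.test(uri)) {
    return { action: "ignore", reason: "not a tel: URI" };
  }
  // Drop URI parameters such as ";ext=12" before inspecting the number.
  const raw = uri.slice(4).split(";")[0];
  let number;
  try {
    number = decodeURIComponent(raw); // "%2A" -> "*", "%23" -> "#"
  } catch (e) {
    return { action: "block", reason: "malformed percent-encoding" };
  }
  if (number.length === 0) {
    return { action: "block", reason: "empty number" };
  }
  if (/[*#]/.test(number)) {
    // USSD/MMI-style codes are built from * and #: require a user decision.
    return { action: "confirm", reason: "contains * or # (USSD/MMI-style code)" };
  }
  if (!PLAIN_NUMBER.test(number)) {
    // Catches double encoding ("%2523" decodes to "%23") and other oddities.
    return { action: "confirm", reason: "unexpected characters" };
  }
  return { action: "prefill", reason: "plain phone number" };
}

// Constructed sample inputs, not taken from the article.
const samples = [
  "tel:+1-555-0100;ext=12", // ordinary number with an extension parameter
  "tel:*%2306%23",          // percent-encoded *#06# (IMEI display)
  "tel:%2523",              // double-encoded "#"
  "tel:%zz",                // broken encoding
];
for (const s of samples) {
  const r = classifyTelUri(s);
  console.log(`${s} -> ${r.action} (${r.reason})`);
}
```
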



4 years 7 months ago

Install TelStop. No more auto-links in browser :) As for JB for S2, I’m also waiting for it. Prolly no more than 2 months.

4 years 7 months ago

Need a Jelly Bean stock ROM for GT-I9100G. How long will it take?

4 years 7 months ago

I have a Galaxy S Advance and there is no update available. And Chrome is no option for this phone because it runs on Android 2.3.6. I am waiting for an update for this phone.
There are not so many custom ROMs available.

4 years 7 months ago

I just tested this issue on my Galaxy S3 with Jelly Bean (I9300XXDLIB).

Yes, when I click on a dangerous link, the Dial Pad is launched.
NO, the USSD code does not run.

4 years 7 months ago

All background info regarding the Samsung USSD hack, some simple tests and how to disable it can be found here:

4 years 7 months ago

Nothing is like that, and it can’t happen.

Dead Silence
4 years 7 months ago

“Samsung already fixed this. As long as your firmware is up to date, there isn’t an issue.”

Yip, but my phone has the eMMC bug and I don’t want to brick it going to ICS 4.0.4.

4 years 7 months ago

The accent of that guy is awful and the sound quality doesn’t help….I didn’t understand anything……

4 years 7 months ago

Or you can simply use Chrome or any other free non-stock browser.
Or you could make sure to update your phone via OTA (after checking my S2 with XXLPX and my S3 with XXBLG8 I can confirm that the problem has been quietly solved by Sammy).

PS: according to other sources (Android Police) the USSD bug does not only concern Samsung but all Android devices… according to them HTC is also vulnerable (with the addition that they didn’t even try to patch it). Sammy did its job without saying a word; I guess they didn’t want to alarm us. It could be worse: you could be using an LG or any other company that never patches its phones.

4 years 7 months ago

I’ve found a temporary solution. It costs $10 but it works.
You can download the F-Secure app in the Play Store
and use the F-Secure safe browser as your default browser.

Deciduous Sprue
4 years 7 months ago

Samsung already fixed this. As long as your firmware is up to date, there isn’t an issue.

4 years 7 months ago

I disagree with comment number 2: on my S2 i9100 I’ve stopped it with the “go back” key on the right side.

4 years 7 months ago

Those guys don’t understand what they are talking about. They cannot even set up the display timeout (LOL from looking at that guy waking up the phone every 10 seconds :)).
This is NOT a security flaw, because no one will get your data. This is part of the mobile tracker feature helping you to find a lost phone or wipe it if you cannot get it back.
You cannot simply send a generic SMS or network command because you need to know some phone-specific data, like IMEI or S/N (or both of them).
You won’t be able to wipe someone’s Samsung phone just knowing his/her phone number.

As far as I know, iPhone has the same feature.

4 years 7 months ago

Why do other news sites like GSMArena include the S3 in their reports?

4 years 7 months ago

Yeah, this is true. Happened to my Galaxy S I (i9000) before. Just dial the number and reset starts in a flash. You CANNOT stop it. What you can only do is just to look at the display which says “Formatting data”.

Damn it

4 years 7 months ago

My phone was stolen and the stupid thief is using my whatsapp account (at least reading the messages).
What’s the USSD code? I want to know it so I can format my stolen phone