Massive bug in Samsung’s TouchWiz let websites trigger a hard reset!

Posted on Sep 25 2012 - 1:14pm by Jonne Eilimö

Wow. I’ve never been a huge fan of Samsung’s TouchWiz, but never did I think it would actually pose such a threat to a user’s data! For those who don’t know what TouchWiz is, it’s Samsung’s own vision of what a user interface should look like. Samsung adds this to every Android device it manufactures. Today, a bug in TouchWiz was made public that enables websites to trigger a hard reset of a Galaxy device! If I were to implement one line of code in this post, every single Galaxy owner reading this site with the TouchWiz UI enabled would see their device hard reset, i.e. lose all the data that is stored on the phone!

This has to do with how the stock browser handles USSD codes. If a Galaxy S III user wanted to factory reset the phone, he’d simply “call” *2767*3855#, and the device would do a factory reset. However, due to this massive bug in TouchWiz, a webpage could trigger a call to this same number. It could simply be done with a frame crafted to call the number in question. Those who want to test this on their sites, here’s all you need: <frame src="tel:*2767*3855%23" />. The user would not even get a confirmation, and all the data stored on the phone would vanish. Handy, eh!?
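For site owners and filtering proxies, the frame trick described above can be caught before it reaches a handset. The following is an added example, not part of the original post and not Samsung's code: a Python scanner that flags tel: URIs carrying USSD/MMI characters and separates links that need a tap from elements a browser loads on its own. The names is_service_code, TelScanner and scan are assumptions, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Elements whose URL attribute is fetched with no user interaction.
AUTO_LOAD = {"frame": "src", "iframe": "src", "img": "src",
             "embed": "src", "script": "src", "object": "data"}

def is_service_code(uri):
    """True if a tel: URI carries '*' or '#' (USSD/MMI), not a plain number."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return False
    number = unquote(rest)  # the page's %23 decodes to '#', %2A to '*'
    return "*" in number or "#" in number

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (severity, tag, decoded_uri) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        severity = "auto-load"
        if tag in AUTO_LOAD:
            uri = attrs.get(AUTO_LOAD[tag])
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content="0; url=tel:..." also navigates on its own
            uri = (attrs.get("content") or "").partition("=")[2].strip()
        elif tag == "a":
            uri, severity = attrs.get("href"), "needs-click"
        else:
            return
        if uri and is_service_code(uri):
            self.findings.append((severity, tag, unquote(uri.strip())))

def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; *#06# only displays the IMEI.
SAMPLE = """
<a href="tel:+358401234567">Call us</a>
<a href="tel:*%2306%23">Show IMEI</a>
<frame src="tel:*%2306%23" />
<iframe src="https://example.com/"></iframe>
"""
print(scan(SAMPLE))
```

An "auto-load" finding is the case the post describes; a "needs-click" finding still deserves review, since a tap on the link hands the code to the dialer.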

Samsung’s Android users should just stay away from using the browser until Samsung delivers a fix for every Galaxy device out there!


About the Author

Jonne is a mobile phone enthusiast who is currently pursuing his Bachelor's degree in Computer Science at the Vaasa University of Applied Sciences. He has been using the newest phones out there ever since the Nokia 5110 was released. Currently he is using a Nokia Lumia 920.