TouchWiz Has a Major Security Flaw that Allows Factory Resets With Just One Click (Updated)

Concerning news this morning for any Samsung owner who is running TouchWiz on their phone. A little slice of HTML code was found that when clicked, can reset the Galaxy SII instantly to factory settings. The factory reset could also be triggered by a QR code or via NFC. The culprit seems to be the TouchWiz skin that Samsung has stuck by on top of Android. When this malicious code is triggered through a device, it pops up the dialer which then automatically activates a factory reset code, causing the phone to wipe itslef with no option for stoppage.

So far, The Verge has been able to replicate the exploit on the Galaxy SII and the AT&T version of the Galaxy SIII. Samsung is apparently “looking into” the exploit but there doesn’t seem to be a way to fix this quite yet. The only advice we have is don’t install any fishy-looking applications, click any weird HTML links, scan random QR codes, or touch NFC tags that you haven’t set up yourself until we hear more word. We’ll keep you updated if we hear more.

Update:  Reports are coming in now that this is an Android issue that was patched long ago, but may still affect handsets not running the most current versions of Android. In theory, this vulnerability could be exploited on any older version of Android, probably pre-Ice Cream Sandwich. Thankfully, a number of updates to a handful of devices over the last few weeks likely closed up this gap, including ones to the Galaxy S3.

Via: The Verge

This post was last modified on September 26, 2012 7:47 am