Samsung urges Galaxy S III users to update their device to fix USSD exploit

Ian Hardy

September 26, 2012 9:12 am


It was revealed yesterday that Samsung’s TouchWIZ UI could easily be hacked to remotely wipe your device of all your data. This was demonstrated in a presentation called “Dirty use of USSD Codes in Cellular Network” by Ravi Borgaonka at the Ekoparty security conference. Clearly Samsung saw this and have been quick to fix the issue, but currently only for Galaxy S III users.

Here’s the full statement from Samsung:

“We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.”

Apparently Samsung is working on a patch and “conducting an internal review” of other devices, including the GS II.

Source: AndroidCentral

  • Lamedroid

    HAHAHA SAMSHEEP!!!!

    • Plan Shopper

      Lamedroid is definitely part of crApple.

      Copies the sheep comment, changes it, claims it’s better and now it’s his.

    • some guy

      @Lamedroid
      Huh?
      You know, if you’re going to try and troll, maybe you should work your way up. Right now I feel you would be better suited trolling the Sesame Street website.

      Aside from that, good on you Samsung for reacting quickly.

    • OGOD

      at least Samsung fixed it, instead of tell us is normal…

  • nick

    wow i must say, good on samsung for the fast fix!

    • ExcessDan

      it was fixed so fast, it was fixed in the past weeks ago

    • Brad F

      You forgot the part where they have to finish reviewing it, then send it to the carriers for approval, so it can finally be released next summer.

  • Paul

    I would assume if you did the update approx 3 weeks ago this would already be taken care of?

  • jack

    samsung urges you to update? no update found.

    obviously

    • TestMe

      Samsung Canada dropping the ball again just like the Galaxy Nexus delayed update issues.

    • ExcessDan

      you probably updated a few weeks back

  • squirrel_masher

    Shame they waited for the media to tell them their responsibilty, but glad they did act fast with interim patch and didn’t just tell users to wait until JB push came along.

    • some guy

      @squirrel_masher
      Think about what you said.
      “Shame they waited for the media to tell them their responsibilty”

      So I would like to pose 2 questions to you.

      1. How do you know that they didn’t have a rep at the conference, or were contacted by the people who discovered the exploit?

      2. With all the functions of current devices, there is absolutely no way to prevent glitches and/or security weaknesses, therefore if no one were to report issues how do you suggest that the manufacturer discover all issues and resolve them?

      That being said, Samsung Canada needs to pull their thumb out apparently.

    • squirrel_masher

      @some guy – good points. I checked and found that the security conf was only Sep 19-21, and I think Samsung was lucky that the recent OTA seems to have fixed the Galaxy S3 sets – I don’t think it’s likely that they developed and pushed an update in a week.

      From original AndroidCentral article “Phones confirmed to be affected included the Galaxy S2, Galaxy Beam and Galaxy Ace. Our testing on various Galaxy S3 models was inconclusive, though. Some models seemed vulnerable, while others were immune.”

      Samsung had to stamp this fire out REAL FAST in the press – hopefully the tech push for the remaining devices OTA fix will keep up.

  • Jon

    There’s no update available in Canada yet.

    • joe

      This was already patched in the update released a few weeks ago.

  • AllanVS

    I am betting, that Samsung knew about the problem and it was worked into the Sept. 4 update. They probably spoke to the guy in the video, and asked him to hold on to upload it.

  • sicpuppy

    Am expecting an REO Speedwagon song to make it all better .

  • Matt

    Hrm, that’s pretty darn fast, Apple folks generally have exploits for months, look at how long jailbreak . me was activate for before they were patched.
    Hats off to Samsung for getting this out right away.

    • Bobblehead

      keep comparing yourself to the other guy

  • Hi

    I just farted.

  • Stuntman

    This issue does not affect all GS3 phones. My Bell version is not affected. There is a test for it on Android Central.

    • AllanVS

      It appears, that those who updated in SEPTEMBER 4TH (or there abouts) are NOT affected by this. I tried AndroidCentral’s link, on my SGS3, rooted, with stock ROM (from Sept. 7th) and it DID NOT work.
      I got the dialer, but not the IMEI or *#06# showing up.

  • Jon

    If the test is accurate WIND’s version is not affected.

    • Obstacle-Man

      I have the Wind version and I am affected.

  • 5Gs

    EyePhone envy SSIII big time!

  • AnTard

    BAAAAAAAAAAAAAAAAAAAAH SAMSHEEP BAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH

    • MG

      You don’t seem to understand the appropriate use of the ‘sheep’ insult… This is hardly an instance for it.

  • Derek

    I’m kind of happy about this. I’ve had an S1 S2 and now S3, and I’ve never liked touchwiz. I’ve always had cyanogenmod on them, and they don’t have ridiculous exploits like this. Samsung could learn a bit from the cm team

  • deli

    @Derek, samsung already hired the founder of Cyanogen soon after the Galaxy S 2 (yes, 2) launch last year.
    I have used all versions of TW, and I browse heavily (at 11gb usage this month). I have never experience this nor have I heard about this. It is a very very rare case and very quickly patched. However, hopefully there will be no more of these freak bugs in any Android, iOS, BB or Win7/8 systems.

    • Derek

      @deli,
      Yes, they hired Cyanogen after the S2, and even gave a couple of S2s to the CM team. Did that change anything in terms of quality of their software? Not really. TW still doesn’t run as smooth as AOSP, and consistently has more bugs than something like a Nexus device, and S-Voice is the worst copy of Siri I’ve ever seen. That being said, I’ll probably still get the S4 when it comes out because they have phenomenal hardware on their devices.

  • Chico

    No update available yet for moi on Rogers. But it’ll be nice to get though as soon as it’s available. Also looking forward to the JB release

  • SilentBob

    Used the android central test to check for the vulnerability. I can confirm that the result on my 32GB Telus branded SIII was negative. It does seem like the update a few weeks ago likely dealt with the issue.

  • deli

    @Derek, my opinion is that TW2 was crap, then they turned on the heat with GS2 and I enjoy the motion features in the current iteration of TW4. I used to be a big fan of AOSP, however, it’s too plain for me lol. But I do install AOSP/AOKP on the Galaxy Note for my dad because the Snapdragon S3 can’t handle the extra weight of TW3.
    S Voice i don’t use but I heard it’s pretty bad. But GOogle Now is da shiznit.

  • Spencer

    Sucks for SameSung users

  • Jon

    WIND GS3 got pushed an update today.