Samsung smartphones vulnerable to remote wipe exploit, researcher shows

Telecommunications Security researcher Ravi Borgaonkar from the Berlin Technical University has revealed just how easy it might be to perform a malicious factory reset on Samsung Android smartphones running the TouchWiz interface.

Claiming to have used codes for Unstructured Supplementary Service Data (USSD), a session-based GSM protocol typically used to send messages between a mobile device and an application server, Borgaonkar remotely wiped a Samsung Galaxy S III on stage at the Ekoparty Security Conference in Buenos Aires, Argentina.

Borgaonkar pointed out that there are multiple services currently utilizing the USSD protocol beyond system software, which include social networking, mobile carrier billing, and most unsettling of all, mobile banking.

The simple USSD code can be delivered to the target device via SMS, in a weblink, NFC tag or QR code pointing at a maliciously-crafted HTML document containing the simple eleven-character code. The exploit has been independently performed and verified on several models of Samsung smartphones running TouchWiz. It has also been tried on some Non-TouchWiz Samsung phones, and indeed non-Samsung phones have been tested, and none of them could replicate the exploit. It presently appears to only affect TouchWiz.

The code is already widely available, but the actual severity of the exploit hasn't yet been established. We've reached out to some mobile security companies, as well as Samsung for commentary on the issue, but we still await their reply. We will update with further information.