| TouchWiz exploit factory resets some Samsung phones |
| By Thom Holwerda, submitted by bowkota on 2012-09-25 21:14:03 |
| On the same day I bought a brand new iMac and switched back to Mac (no joke!), and teased the employees at the Apple retailer with my Galaxy SII, Samsung goes around and pulls something idiotic like this. TouchWiz, Samsung's Android skin, has a very severe flaw which passes digits along from JavaScript (via their modified browser) to the modified dialler, allowing your device to be factory reset (!) by just visiting a link - via NFC, QR, or plain. This doesn't affect all Samsung devices, but those that are affected are all TouchWiz devices. This just proves once again that you should either buy Nexus, or make the switch to CyanogenMod (or any of the other AOSP-based ROMs). |
| Eh... How come you are buying an iMac at this time? |
| By someone on 2012-09-25 21:24:30 |
| When a refresh is expected soon... |
| RE: Eh... How come you are buying an iMac at this time? |
| By Thom_Holwerda on 2012-09-25 21:28:33 |
|
1) I need it now (work depends on it). 2) no early adopter issues. 3) those new ones can easily be 4-5-6 weeks away for Dutch folk. Can't go that long without income. 4) there's always something new right around the corner. I don't live my life based on that. Yes, I had three computers die in a few months' time. |
| Another, simpler solution |
| By WereCatf on 2012-09-25 21:36:47 |
| Just use another browser. I've personally been using Opera for years and I see no reason whatsoever to switch. Especially so since I can't use CyanogenMod. |
| RE: Another, simpler solution |
| By Windows Sucks on 2012-09-25 21:45:50 |
|
> Just use another browser. I've personally been using Opera for years and I see no reason whatsoever to switch. Especially so since I can't use CyanogenMod.

? The same goes for QR scans and NFC – Samsung’s TouchWiz UI makes the dialer automatically execute the sequence, which can potentially force a factory reset code onto your unsuspecting phone, and wipe your data. It's not browser based. This sucks because regular users have no clue how to use a ROM and almost no one buys Nexus phones, Samsung barely markets theirs. |
| RE: Another, simpler solution |
| By darknexus on 2012-09-25 21:49:22 |
|
> Just use another browser.

In this case, I don't think another browser would help. If I understand the exploit correctly, Samsung's modified dialer is the issue here, not the browser itself. In other words, unless your browser does not do phone number detection (which will pass phone numbers to the dialer when clicked) then you can be hit by this no matter which browser you are using. There's no safety for this one if you're using one of these, except plain old common sense. The old rule still holds: If you suspect a malicious link, don't click it. |
| RE[2]: Another, simpler solution |
| By darknexus on 2012-09-25 21:53:45 |
|
> This sucks because regular users have no clue how to use a ROM and almost no one buys nexus phones, Samsung barely markets theirs.

Yeah, and we all know just how amazing Samsung is at providing security updates for their Android phones. </sarcasm> |
| Touch Wiz must die |
| By PieterGen on 2012-09-25 22:00:27 |
| I recently bought a Samsung 7.7 Tab. I have a Galaxy Phone as well, which I rooted and put a custom ROM on long ago. I forgot how miserable and downright shitty TouchWiz is. It adds *nothing* to stock Android. I'd be willing to pay 10 euros more for a clean device so I wouldn't have the hassle of flashing and so on, to take off the unneeded bloat that's called TouchWiz |
| RE[3]: Another, simpler solution |
| By PieterGen on 2012-09-25 22:01:22 |
| Indeed... |
| RE[3]: Another, simpler solution |
| By Windows Sucks on 2012-09-25 22:32:38 |
|
> > Yeah, and we all know just how amazing Samsung is at providing security updates for their Android phones.

Or any updates for that matter. |
| Comment by some1 |
| By some1 on 2012-09-26 00:34:44 |
|
There are a lot of conflicting reports on this. From this Google commit: https://android.googlesource.com/... it seems like this was a stock Android dialer bug that was fixed in June. This is consistent with the claim here: http://securitywatch.pcmag.com/n... that it was reported to Samsung and Google in June. There are reports that this fix was shipped in 4.0.4 and 4.1 stock builds and Samsung pushed OTA updates where it could. Of course, those using carrier-provided ROMs can be out of luck. |
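The comments above locate the problem in a dialer that executes whatever sequence a link hands it. As an added example (not code from the article, the commenters, Samsung or Android), here is the check a link handler can apply before passing a target to the dialer: ordinary numbers are only pre-filled, sequences containing `*` or `#` require explicit user confirmation. It assumes links arrive as `tel:` URIs; the function names and sample links are constructed for illustration.

```javascript
// Added example. Assumption: dial targets arrive as tel: URIs (RFC 3966).
// classifyDialTarget / needsConfirmation are hypothetical names.

const DIALABLE = /^\+?[0-9().\-\s]+$/; // characters of an ordinary phone number

function classifyDialTarget(href) {
  const m = /^\s*tel:(.*)$/i.exec(href);
  if (!m) return { kind: "not-tel", action: "ignore" };

  // Drop RFC 3966 parameters (";ext=...") and decode percent-escapes,
  // because "#" is usually written as %23 inside a URI.
  let number;
  try {
    number = decodeURIComponent(m[1].split(";")[0]);
  } catch (e) {
    return { kind: "malformed", action: "block" }; // bad escape such as %zz
  }

  // Plain number: safe to place in the dial pad, still not auto-called.
  if (DIALABLE.test(number)) return { kind: "phone-number", action: "prefill" };

  // "*" or "#" marks a service code that a dialer may act on directly.
  // Show it to the user and wait for an explicit confirmation.
  if (/[*#]/.test(number)) return { kind: "service-code", action: "confirm" };

  return { kind: "malformed", action: "block" };
}

// Return the links on a page that must not be dialed without confirmation.
function needsConfirmation(hrefs) {
  return hrefs.filter((h) => classifyDialTarget(h).action === "confirm");
}

// Constructed sample links; *#06# is the harmless "show IMEI" code.
const SAMPLE_LINKS = [
  "tel:+1-555-0100",
  "tel:+1-555-0100;ext=12",
  "tel:*%2306%23",
  "TEL:*#06#",
  "https://example.com/contact",
  "tel:%zz",
];

console.log(needsConfirmation(SAMPLE_LINKS)); // the two service-code links
```

The same rule applies whether the link came from a web page, a QR scan or an NFC tag, since all three end at the same dialer.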