| News | Features | Interviews |
| Blog | Contact | Editorials |
| TouchWiz exploit factory resets some Samsung phones |
| By Thom Holwerda, submitted by bowkota on 2012-09-25 21:14:03 |
| On the same day I bought a brand new iMac and switched back to Mac (no joke!), and teased the employees at the Apple retailer with my Galaxy SII, Samsung goes around and pulls something idiotic like this. TouchWiz, Samsung's Android skin, has a very severe flaw which passes digits along from JavaScript (via their modified browser) to the modified dialler, allowing your device to be factory reset (!) by just visiting a link - via NFC, QR, or plain. This doesn't affect all Samsung devices, but those that are affected are all TouchWiz devices. This just proves once again that you should either buy Nexus, or make the switch to Cyanogenmod (or any of the other AOSP-based ROMs). |
|
| RE: Touch Wiz must die |
| By WorknMan on 2012-09-26 01:15:25 |
| Speaking of Touch Wiz, instead of this exploit wiping the entire phone, it's too bad it just doesn't wipe Touch Wiz off the device. Then they could charge money for the service :) hehe |
 - Score: 3 |
| RE[2]: Eh... How come you are buying an iMac at this time? |
| By kragil on 2012-09-26 05:11:24 |
| How about buying computers you can easily repair yourself? (makes sense when your work depends on it IMO) |
| - Score: 3 |
| RE[2]: Eh... How come you are buying an iMac at this time? |
| By Neolander on 2012-09-26 06:41:10 |
| And, out of curiosity too, why switch back to Mac now ? Considering Apple's recent actions, it doesn't sound like the perfect timing to reward them with money. |
| - Score: 5 |
| Not only Samsung, and not related to TouchWizz *at all* |
| By phoudoin on 2012-09-26 07:49:22 |
|
The root bug is in the stock Android Dialer app, and was fixed in 4.0.4. An hotfix patch was pushed toward custom ROMs makers, but it seems that phone markers were more busy polishing their custom look & feel than fixing venulverality holes. Meanwhile, install and make it default TEL handler this proxy dialer quickly hacked by XDA developers last night: https://play.google.com/store/app... |
| - Score: 3 |
| RE: Comment by some1 |
| By phoudoin on 2012-09-26 07:56:00 |
|
Indeed, the issue is most carrier-subsidized phones with custom ROM don't support them as they should, allowing such hole to be unfixed for months. Unfortunatly, considering the price of a smartphone, many owners get a carrier-subsidized one... |
| - Score: 2 |
| RE[2]: Another, simpler solution |
| By phoudoin on 2012-09-26 08:04:41 |
|
> The old rule still holds: If you suspect a malicious link, don't click it. Not safe enough : an URL can be resolved automatically without user interaction, like an HTML frame src URL, or a QRCode reader. Or a RSS app: RSS Republic & co does it and, ironically, many android users actually notice the exploit news article and experience what it can do actually at the same times, thanks to their news feed app ;-). |
| - Score: 2 |
| RE[2]: Touch Wiz must die |
| By PieterGen on 2012-09-26 08:06:30 |
| LOL. Maybe time for someone to develop the most beloved piece of malware known to man: TouchWizKilla ;-) Kills only Touchwiz but leaves the rest on"touched" :-) |
| - Score: 2 |
| RE: Touch Wiz must die |
| By adkilla on 2012-09-26 10:16:05 |
| TouchWiz is called CheezeWiz at times because it is the cheesiest of android customizations ever. When was the last time you've heard of MotoBlur or even SenseUI being this downright ridiculous? |
| - Score: 2 |
| RE[2]: Comment by some1 |
| By some1 on 2012-09-26 12:26:10 |
|
Androidpolice says most US carriers likely pushed a fix last week: http://www.androidpolice.com/201... This is for S3, don't know about other models. |
| - Score: 2 |
| RE[3]: Comment by some1 |
| By phoudoin on 2012-09-26 12:35:49 |
|
> Androidpolice says most US carriers likely pushed a fix last week. They didn't pushed a *fix*, but a full upgrade to Android 4.0.4 or sooner, which already include the fix. I'll bet that they didn't even knew that the issue existed on the first place and that only this upgrade comes with the fix. May Jelly Bean was not ready to broadcast, I'm pretty sure no official fix will be available yet. |
| - Score: 2 |
| News | Features | Interviews |
| Blog | Contact | Editorials |