Security Vulnerability Exposed In Samsung’s Stock Browser, Allows Malicious Code To Trigger Factory Reset

Security expert Ravi Borgaonkar demoed a serious vulnerability in the way Samsung’s native browser and dialer app handle USSD codes and telephone links at the Ekoparty security conference. As shown by Ravi, malicious code could be used to trigger a factory reset without any forewarning or possible way of stopping it. Even more disturbing is the ability for such malicious code to perform a double whammy and also nuke the device’s SIM.

The malicious code is automatically activated after a user visits an infected website. Since there are various ways for users to be directed to a website, it creates an array of scary scenarios. For instance, a user could easily be directed to an infected site via a link within an SMS message, QR code or NFC tag.

Frantic testers are now trying to unravel which Samsung devices can be manipulated and from what we’ve gathered, it appears to only affect Samsung devices running TouchWiz with Samsung’s native browser. The following devices have already been tested and confirmed as being susceptible:

  • Samsung Galaxy S3
  • Galaxy S2
  • Galaxy Beam
  • Galaxy Ace
  • Galaxy S Advance

We have to assume Samsung has been made aware of the exploit (or at least knows now) and is diligently working on a fix. Until we hear from Samsung, we suggest switching to another browser such as Google Chrome for Android and then disabling Samsung’s native internet app by heading into Settings > Apps > All — then find the browser app and disable it.
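For anyone who screens web pages or link targets before they reach handsets, here is an added example (not code from Ravi Borgaonkar or Samsung) that finds telephone links in a page and flags the ones carrying USSD-style codes. The names scan_html and ussd_links are hypothetical, and the sample page is constructed, using the harmless *#06# (show IMEI) code as a stand-in.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# '*' and '#' are what turn a dial string into a USSD/MMI request rather than
# an ordinary phone number. Heuristic: legitimate DTMF strings can use them too.
USSD_CHARS = set("*#")

# Constructed sample page. *#06# (show IMEI) is a harmless stand-in code.
SAMPLE_PAGE = """
<html><body>
<a href="tel:+15551234567">Call support</a>
<a href="tel:*%2306%23">Check your device</a>
<a href="TEL:*&#35;06&#35;">Entity-encoded variant</a>
<a href="https://example.com/#top">Not a telephone link</a>
</body></html>
"""


class TelLinkScanner(HTMLParser):
    """Collect every tel: URI in a page, whichever tag or attribute holds it."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            uri = (value or "").strip()
            if not uri.lower().startswith("tel:"):
                continue
            # HTMLParser has already resolved entities such as &#35;;
            # percent-decoding exposes an encoded '#' (%23) as well.
            dial = unquote(uri[4:])
            ussd = any(ch in USSD_CHARS for ch in dial)
            self.findings.append({"tag": tag, "attr": name, "dial": dial, "ussd": ussd})


def scan_html(html):
    scanner = TelLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def ussd_links(html):
    return [f for f in scan_html(html) if f["ussd"]]


if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE):
        print("FLAG" if f["ussd"] else "ok  ", f["tag"], f["attr"], f["dial"])
```

Decoding before matching matters: both flagged links in the sample hide the '#' character, one behind percent-encoding and one behind an HTML entity.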

We’ll keep you updated as more information becomes available. For a first-hand look at the exploit in action, watch the demo video from the Ekoparty security conference below.