Do you have a shiny new Samsung Galaxy SIII smartphone? Does it contain precious information like contacts, calendar events, music, or photos that you don?t have backed up somewhere else? If so, you might want to avoid visiting any websites until you get the latest update from Samsung.
A security researcher revealed a little trick last week that puts Samsung Galaxy SIII data at risk. Embedding a simple 11-digit string of characters and symbols in a Web page is enough to cause a Galaxy SIII smartphone that visits the website to trigger a full factory reset of the device. All contacts, photographs, music, apps, and any other data will be erased.
The Samsung Galaxy SIII runs on Android, but apparently the issue is unique to Samsung?s TouchWiz interface that it overlays on the core Android OS. According to a report from The Verge, other Samsung smartphones that use the TouchWiz UI?like the Galaxy SII or the Galaxy S?are also at risk.
Now that the code has been revealed, it?s being circulated online. Attackers can easily find out what the magic code is, and craft malicious websites that can erase Samsung smartphones in an instant. Once the code is entered, and the remote wipe is launched, there is no way to abort the process.
You should have some sort of cross-device security tool in place for your PCs, smartphones, and tablets. It?s possible that security software might be able to detect and identify malicious websites to warn you to avoid them, and help you protect your data from being wiped out by an attack like this.
Of course, if the attack is too new and the security vendors haven?t yet updated the security tools to identify the new threat, it?s possible that an attack like this could still slip through the cracks. For those situations, it?s also important to use common sense, and exercise a little discretion before clicking on links or visiting shady websites.
This scenario illustrates one of the tradeoffs customers accept when using a device with third-party skin overlaid on the Android OS. Samsung?s TouchWiz UI, Motorola?s MotoBlur UI, HTC?s Sense UI, and similar tools add unique features and functionality not found in the core Android OS, or on rival Android smartphones. However, these tools can also introduce vulnerabilities, or expose customers to threats that also don?t impact the core Android OS or competing Android smartphones.
Samsung has reacted quickly to the problem, and has developed an update to address it. Samsung issued a statement announcing a software update for the Galaxy SIII, and recommending that customers use the OTA (over-the-air) update service to download and apply the patch as soon as possible.
However, the update is still being pushed out, so many users are reporting that there Galaxy SIII still says there?s no update available. Also, there?s no acknowledgement or confirmation yet regarding the impact on other Samsung TouchWiz UI devices, or when or if an update can be expected for them.
No comments:
Post a Comment