Samsung Galaxy S3 owners are subject to a vulnerability that can actually be fixed with an over-the-air update. Read More ..
Samsung today said that users can install a security update over the air that will safeguard them from a vulnerability that could allow someone to remotely delete all of their personal data from the handset.
Security researcher Ravi Borgaonkar discovered the flaw and demonstrated it last week at a security conference in Argentina. The flaw lies in the way Samsung's TouchWiz UI handles unstructured supplementary service data codes, which are allowed to execute commands on the device's keypad. Most software dialers require users to hit the "send" button to complete a code, but Samsung's software does not, the researcher claims.
Malicious hackers who realized that took to the Web and unleashed malicious code that was capable of taking advantage of the flaw and remotely wiping the entire device. According to Borgaonkar, the flaw can be exploited through Web links, QR codes, and even SMS.
Samsung didn't say how it addressed the flaw, but reassured users that the issue "has already been resolved." Interestingly, Borgaonkar said that it was "possible to exploit this attack only on Samsung devices."
CNET has contacted Samsung for more information on the fix. We will update this story when he learn more.