TouchWiz Has a Major Security Flaw that Allows Factory Resets With Just One Click (Updated)

Concerning news this morning for any Samsung owner who is running TouchWiz on their phone. A little slice of HTML code was found that, when clicked, can instantly reset the Galaxy SII to factory settings. The factory reset could also be triggered by a QR code or via NFC. The culprit seems to be the TouchWiz skin that Samsung has stuck with on top of Android. When this malicious code is triggered on a device, it pops up the dialer, which then automatically activates a factory reset code, causing the phone to wipe itself with no option to stop it.

So far, The Verge has been able to replicate the exploit on the Galaxy SII and the AT&T version of the Galaxy SIII. Samsung is apparently “looking into” the exploit, but there doesn’t seem to be a way to fix this quite yet. The only advice we have is: don’t install any fishy-looking applications, click any weird HTML links, scan random QR codes, or touch NFC tags that you haven’t set up yourself until we hear more. We’ll keep you updated.

Update: Reports are coming in now that this is an Android issue that was patched long ago, but it may still affect handsets not running the most current versions of Android. In theory, this vulnerability could be exploited on any older version of Android, probably pre-Ice Cream Sandwich. Thankfully, a number of updates to a handful of devices over the last few weeks likely closed this gap, including ones to the Galaxy S3.

Via: The Verge
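
The mechanism described above, where a link hands the dialer a code instead of a phone number, can be checked for before a link, QR payload, or NFC record is opened. The following is an added example, not code from the original article or from Samsung or Google; it assumes the code arrives as a `tel:` URI (the standard scheme for dialer links), and the function names and the `*#0000#` placeholder are constructed for illustration.

```javascript
// Added example: flag tel: URIs that carry a dial code instead of a phone number.
// Assumption: the payload is a tel: URI; "*#0000#" is a constructed placeholder code.

// Percent-decode without throwing; a malformed escape returns null.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return null; }
}

// Classify one URI (from a link, QR payload or NFC record):
// "not-tel", "phone-number" or "dial-code".
function classifyTelUri(uri) {
  const m = /^\s*tel:(.*)$/i.exec(uri);
  if (!m) return "not-tel";
  const decoded = safeDecode(m[1]);
  if (decoded === null) return "dial-code";        // undecodable input: fail closed
  const subscriber = decoded.split(";")[0];        // drop RFC 3966 parameters (;ext=...)
  // A plain number is an optional "+" followed by digits and visual separators only.
  const looksLikeNumber = /^\+?[0-9().\-\s]+$/.test(subscriber) && /[0-9]/.test(subscriber);
  return looksLikeNumber ? "phone-number" : "dial-code"; // "*" or "#" lands here
}

// Scan markup for href/src attribute values and return the ones classified as dial codes.
function findDialCodeLinks(html) {
  const attr = /\b(?:href|src)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const hits = [];
  let m;
  while ((m = attr.exec(html)) !== null) {
    const value = m[1] ?? m[2] ?? m[3];
    if (classifyTelUri(value) === "dial-code") hits.push(value);
  }
  return hits;
}

// Constructed sample markup: one ordinary phone link, two links that carry a code.
const samplePage = `
<a href="tel:+1-555-0100">Call support</a>
<a href="tel:*%230000%23">Claim your prize</a>
<a href='TEL:*#0000#'>Free ringtones</a>
<a href="https://example.com/">Home</a>`;

console.log(findDialCodeLinks(samplePage));
```

The percent-encoded case matters because `#` inside a URI is normally written as `%23`, so a check that only looks for a literal `#` misses it.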

  • Chesty_Apple_Boss

    Oh my God! Any S3 can be instantly wiped of all its data!

    Oh, wait, the “update” at the bottom of the article admits this is all useless “old news” and the bug was fixed long ago.

    Great story, droid-life!

    • Read more carefully: “Reports are coming in now that this is an Android issue that was patched long ago, but may still affect handsets not running the most current versions of Android”

      Just because a patch was provided by Google does not mean that the patch was widely available or in use on current devices.

  • Granpa

    Yet another reason why Samsung needs to drop Touchfail and just give us phones with AOSP like the Galaxy Nexus.

    • Agreed. I’ve hated just about every 3rd party launcher/skin I’ve ever used. I much prefer untarnished Android.

  • jay_peter

    This is what happens when you give up control of your OS.

  • Datboijon

    You guys got it all wrong… you have to take an apple approach to this. It’s not a bug it’s a feature. QR and html based factory resets. It’s a first in the industry. Samsung yet again revolutionizing the industry.

  • tyguy829

    Touchwiz has cost Samsung over a billion dollars to Apple, and now this…what else has to go wrong to convince them to get rid of it?

  • Droosh

    Thanks for your advice.
    My advice: Get rid of Touch Wiz by installing an AOSP ROM.

  • Custom skins continuing to innovate!

  • SH

    Anyone know the number to a GS3 owner they don’t like? Text them a link. LOL!

  • eggbert

    First off, I wouldn’t scan a random QR code on a dare… Second owning a VZ Gnex and GSIII I find that I like TW ICS better than stock JB. With the exception of upgrading to final JB the other day my GNex has been in a drawer since I got the GSIII.

  • PC_Tool

    Wow. The OEM-skin-hate brigade is out in full force.

    You guys aren’t actually under the impression that Google never writes software capable of being exploited, are you??

    Yeah, this sucks for folks unable or unwilling to root…but it’s not like Google writes perfect software either.

    Oh, and before ya all get too uppity, it ain’t Touchwiz that is the problem here.

    Blame Sammy for allowing a dial-code to reset the phone or Google for allowing a program to access the dialer….whatever, but it’s not TW that’s the problem….it’s the dial-codes Sammy allows. The skin has nothing to do with it other than being there.

    It’s like blaming the moon for making it cold at night….sure, the moon may be visible…but that ain’t why it’s cold.

    Ok…enough facts…back to your TW hate-fest.

    • KleenDroid

      Seems like you should help Google and Samsung fix all their issues.

      • PC_Tool

        I have no idea how they should/could go about fixing it. Never claimed to.

        I do, however, know the difference between a manufacturer skin and a dial-code. (We used the dial-codes a *lot* on the Samsung Fascinate)

        IMO, Samsung shouldn’t have “factory reset” codes accessible from the dialer…and that definitely deserves some scrutiny and perhaps even a little hate, but all of this misdirected venom at the OEM skin is just that….misdirected.

  • Kyle Cummings

    Just one other reason why manufacturer skins are a bad idea.

  • PC_Tool

    Yay! I get to put AOKP_JB on my wife’s SIII.

    Can’t beat that with a stick.

    Ahhh…finally, the security-exploiting worms make themselves useful. It is a good day.

    • fixxmyhead

      shes gonna complain when she gets random reboots and crashes

      just leave the wifes phone stock trust me 😉

      • PC_Tool

        I’ll take your post under advisement, and obviously check out the forums, but B3 runs flawlessly on my GNex, and if it runs anywhere near as well on the SIII, she’s getting it. (That almost sounded dirty…)

        • fixxmyhead

          have they fixed the touch to focus on the camera? havent tried it in a while cuz i still keep hearing about random reboots and other stuff plus there still not finished

          • PC_Tool

            It’s AOKP…they will *never* be finished. No ROM is ever finished…they just move on to the next version when it comes out (M6 would be the “finished” ICS version of AOKP, I suppose).

            I know next to nothing about the SIII version of AOKP right now. I will check it out when I get home…but touch-to-focus *is* working on my Gnex.

          • fixxmyhead

            hahaha alright. but sorry to say m6 sucks on my tmo s2 (well its ok)but doesnt even have touch to focus for the camera and neither did the last JB nightly i tried about 3 weeks ago. ill check it out today since B3 is out for mine

            but yea heed my warning i dont even touch my wifes galaxy nexus. only thing i did was root it and unlocked the bootloader. i didnt even have to but i did it just cuz i could. messed with it once and she got mad that i was “deleting everything and messing it up, etc” or what i call flashing a rom

          • PC_Tool

            This is why Titanium Backup, nandroids, and adb backup are your friends.

            You can unlock, root, flash a custom ROM on the Nexus and not lose a single thing. No apps, no data, no texts, call logs…nothing.

            I haven’t tried adb backup on the SIII yet, but since it shipped with ICS, I believe it should actually work. Again, will do the necessary research first. (Been crack-flashing ROMS since I got the Samsung Fascinate…got it down to a science)

          • fixxmyhead

            yea i know i always backup everything before but she gets mad that i “mess” with it. also been flashing since the vibrant 4g

  • DigitalEnforcer

    I guess I have a question then… I have a non-rooted Samsung Galaxy SIII on Verizon. I’ve replaced the launcher with the Nova Launcher… could my phone still be affected by this? (also note I don’t scan random QR codes or NFC tags). Just wondering.

    • PC_Tool

      It has nothing to do with the launcher or skins. Bad reporting. It’s just the dial-codes that Sammy bakes into the OS to allow debugging and some setting changes (and apparently a complete phone reset).

      Your choice of launcher will not affect it in the least.

  • All of you are knocking Samsung and TouchWiz. It isn’t just a TouchWiz problem. It is a problem with the stock Android browser and can be reproduced on older HTC phones as well.

    • S_T_R

      Neither Nexus phones nor HTC phones have a dial code that will factory reset the phone. Samsung, even long before they used Android, uses codes you can dial to get access to engineering functions on the phone. This exploit uses a useful feature, being able to tap a phone number on the screen to dial it, but replaces the phone number with the reset code. Honestly, it’s pretty damn stupid that they would allow the phone to do this.

      • Kernschatten

        Try *#7780# on an EVO 4G. Should be a factory reset

    • Kernschatten

      I was going to post the same thing.

    • Jason James

      if it runs on older htc how is it stock android browser unless that htc device has jellybean and using chrome which is now the stock android browser

      • Perhaps the Sense browser was based on the stock Android browser? I don’t know man. I’m just passing along the message.

  • KleenDroid

    I would be pissed if I scanned a QR code and it factory reset my phone. Ha, but it would be funny.

  • Butters619

    No offense, but with Google syncing everything this would set me back like 5 minutes.

    • JoshGroff

      Including the time it takes for the data reset. Lost app data would be annoying though for non root users.

    • New_Guy

      Exactly. It would suck having to reload all the apps. But most apps I use are syncable as well (Evernote, Gmail, Kindle, Dead Trigger). Sucky? Yes. Nationwide panic? It is not.

  • wow, need to use common sense when using your phone huh?

  • Guest

    Good thing I installed AOKP finally

  • john

    install apex or nova

    • KB26

      ddeuud thaat wirf wrrok yu ar a genuiss

      The skin is NOT the launcher. It’s like a mini operating system from the manufacturer.

  • zepfloyd

    You’ve been Samsung’d!!

  • yel

    This is why Android phones should ALL have the stock OS and no skins…are you listening VZW?

    • hkklife

      Not just VZW and the carriers…the hardware manufacturers should take note as well!!

    • billy routh

      Then android would be plain boring. Touchwiz adds so much more to android and I have a nexus and gs 3

  • jak_341

    It’s things like this that are giving credibility to the Android is not secure.

    • Bionicman

      its not android, its samsung. and it sounds like something that can be fixed through a patch.

      • jak_341

        Unfortunately we know that is true. Most people simply assume it is Android.

        • It is Android. Apparently some have reproduced this on some HTC phones and this bug has been around since Android 2.1. I have yet to confirm this but that’s what I’ve read.

    • Jeremy Gentry

      i’m sorry but if someone is dumb enough to download an app called “2 girls one samsung” or scan random QR codes tattoo’d on people’s backs, they deserve to get their phone wiped.

    • KleenDroid

      You didn’t read the story. It is the Touchwiz skin that is the issue.

      You could make the statement that Touchwiz is not secure…..

  • TheDrunkenClam

    Nobody going to rush to defend manufacturer skins here? C’mon, where the trolls at?
    Like I’ve been saying All along, manufacturers need to just make the hardware, and let Google make the software

    • PC_Tool

      “C’mon, where the trolls at?”

      You’re it, man. Look in the mirror. The only purpose of your post is to bait folks who like TW/Blur/etc so you can troll them.

  • Chuck Finley

    Yet another reason that Android phones should be able to move away from “skins”, especially if you’ve had a chance to use stock Jelly Bean…

    • billy routh

      If we were all stuck with stock android it wouldn’t be nearly as popular as it is. I mean there’s a reason Samsung is the one making the most money off of android. Stock android is good for people who like tinkering with things but not much use to anyone else.

  • 1. Make sign with a QR code on it for this “Feature” which will be known as the S-R
    2. Put on the sign that it’s for GSIII owners only
    3. Put the sign in a heavy traffic area
    4. Sit down, smoke a cigar, and watch

    If I was feeling particularly evil that day of course

  • htowngtr

    Note to vendors: Quit effing around with your own proprietary skin and just use stock google.

    • Brave_Woman

      Or… better yet… just allow the individual users to decide, “stock” or “custom” skins.

  • moelsen8

    here’s a great example of why carriers should not be involved in the upgrade process. samsung needs to fix this ASAP and get it out to everyone….. ASAP. I bet it takes months to get out to carrier-branded devices.

  • Jeremy Gentry

    Touchwiz Blows! end of story

    • fixxmyhead

      still gonna keep using touchwiz browser its my favorite

      and its not just touchwiz u moron

      • PC_Tool

        Well now be nice…he’s only going off of what all the other mouth-breathing haters are saying here.

        …but you’re right. It’s not TouchWiz. It’s the dial-codes. The skin has nothing to do with it other than to serve as another outlet for some folk’s overblown sense of the dramatic.

        • Royal2000H

          But according to the article this only works on Touchwiz phones..?

          • PC_Tool

            Yes. The article does state that. …and while these phones *do* have TouchWiz, the skin has nothing to do with the issue. It’s the dial-code that resets the device that is the problem….which is completely unrelated to the skin.

          • Royal2000H

            For a second: instead of calling touchwiz just the visual skin, consider it as the manufacturer customization to android. In other words, any changes the manufacturer made to the phone, just as any ROM maker would in a ROM. Under that definition, is TouchWiz not the culprit based on the article?

          • PC_Tool

            Two problems with that:

            When anyone hears or sees “TouchWiz”…they think “OEM Skin”…just look at the comments; They are all winging on about how OEM Skins are so $#@^ bad. As such, it is obvious that the generally accepted consensus is that “TouchWiz” refers to the OEM Skin.

            Even AOSP has dial-codes. Samsung simply added a few that go beyond what AOSP already has. Sure it’s still “manufacturer customization”, but it would generally have no effect at all on the user outside of this exploit. (I am not excusing the reset dial-code…it shouldn’t be there obviously)

          • Royal2000H

            I disagree with you. Just as I see Cyanogenmod as a ROM which includes features and customizations to the OS, not just the visual skin. So do I see TouchWiz as a ROM with customizations, not just a visual skin. As you can clearly see – these phones have been customized beyond their visual design, so it cannot be true that manufacturer customization is limited to visual aspects. Therefore TouchWiz describes the ROM as a whole, not just the visual differences.

          • PC_Tool

            “I disagree with you.”

            I am happy for you.

            “…it cannot be true that manufacturer customization is limited to visual aspects. ”

            I never said it was.

            “Therefore TouchWiz describes the ROM as a whole, not just the visual differences.”

            Ignoring the generally accepted definition in favor of the technical definition is a really good way to ignore reality. Politicians have been doing it for centuries. You are in really good company.

            However, the masses seem to disagree with you, judging by the hatred being spewed at OEM skins in this topic right now. Enough semantics, hmmm?

          • PC_Tool

            Point being: At the *very* least, the reporting is ambiguous and likely to be misunderstood by the general readership (as made obvious by the responses).

            Regardless of intent, the generally accepted “meaning” was incorrect…and yes, that would be the fault of the reporter either not knowing the audience, not being informed, or purposefully leaving it vague.

      • Jeremy Gentry

        i never said it was touchwiz causing problems, did i say that in my post?!?!? am i missing something? i can’t just state the touchwiz blows all on its own?

        • PC_Tool

          Well, in his defense, he thought that since you posted in this story, that your post was related. How was he supposed to know you were just making random TW-hate posts? 😉

          • Jeremy Gentry

            i wouldn’t defend someone so easily offended by someone elses opinion. but hey! to each his own!

    • billy routh

      So do you.