
Samsung: Factory Wipe Security Hole Already Patched on Galaxy S3

Samsung issued a statement early this morning to address the USSD security hole that was presented at a security conference last week. For those of you who missed the story yesterday, this exploit could force your Galaxy S3 or earlier Samsung phone (possibly other Android phones as well) into a factory reset with no way of stopping it. Basically, a line of HTML code could automatically launch a code through the dialer, and that code would trigger the wipe. Thankfully, Samsung patched this hole some time ago through an OTA update.

Here is what Samsung had to say:

We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.

If you haven’t as of this morning, we also highly recommend that you apply the newest update for your Galaxy S3. Well, unless you unlocked its bootloader and are running some custom version of Android, because then you wouldn’t be affected.
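
An added example, not from the original post or from Samsung: a Python check that a page scanner or link interceptor could run for the issue described above, flagging links that would hand the dialer a USSD/MMI code rather than a plain number. It assumes the code reaches the dialer as a `tel:` URL; the function and class names and the sample HTML are constructed for illustration, and the only code in the sample is `*#06#`, which displays the IMEI.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes whose value is a URL the browser may follow or load.
URL_ATTRS = {"href", "src", "action", "data"}


def classify_tel_uri(url):
    """Classify one URL as 'not-tel', 'plain-number' or 'mmi-code'."""
    url = url.strip()
    if not url.lower().startswith("tel:"):
        return "not-tel"
    dialed = unquote(url[4:])  # percent-decoding: %23 is '#', %2A is '*'
    # A plain phone number needs neither '*' nor '#'; USSD/MMI codes use both.
    return "mmi-code" if "*" in dialed or "#" in dialed else "plain-number"


class TelLinkScanner(HTMLParser):
    """Collect every tel: URL in a page, with the tag that carries it."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in attribute values.
        for name, value in attrs:
            if name in URL_ATTRS and value:
                kind = classify_tel_uri(value)
                if kind != "not-tel":
                    self.findings.append((tag, kind, value))


def scan_html(html):
    """Return a list of (tag, kind, url) tuples for the tel: URLs in html."""
    scanner = TelLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page (assumption, not taken from the article).
SAMPLE = """
<a href="tel:+15555550100">Call support</a>
<a href="TEL:*%2306%23">Show IMEI</a>
<a href="tel:*&#35;06&#35;">Show IMEI (entity-encoded)</a>
<a href="https://example.com/hotel:rooms">Rooms</a>
"""

if __name__ == "__main__":
    for tag, kind, url in scan_html(SAMPLE):
        action = "BLOCK" if kind == "mmi-code" else "allow"
        print(f"{action:5} <{tag}> {url}")
```

Decoding before the check matters: the second and third sample links hide the `#` behind percent-encoding and HTML entities, and both are still classified as `mmi-code`.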

Via: TechCrunch

  • S.Ober

    I got prompted for an update through the night. However, it failed since I am on CWM.

  • The update is most likely already in your phone. If you have 4.0.4 then you don’t have this issue.

    • michael arazan

      That’s good to hear it is in the 404 update, If I had an SG3 I wouldn’t have downloaded the last update that dumbs down the search on the phone, that’s BS that already sold phones are supposed to get it, it should be new phones only being made, the old phones and already sold phones should be grandfathered somehow, for already owners of the SG3 before the lawsuit, I’d think owners could class action suit Samsung for dumbing their devices down, eff apple

  • I wish they would send out a fix for whatever the cause of the ‘Cell Standby’ running @40% all the time

  • angel maldonado

    I got the OTA update yesterday morning, I thought it was jelly bean lol

  • Tristan Cunha

    To see if your phone is vulnerable (and I was surprised to find my GNEX was) check out this CNET article: http://www.cnet.com.au/test-your-android-phone-for-the-web-browser-hard-reset-exploit-339341779.htm
    It includes a link to a similar function to see if your dialer will launch from a web page, and include the reset code, the test link just pops up your IMEI code.
    A quick fix if your phone is vulnerable is to download this app: https://play.google.com/store/apps/details?id=com.voss.notelurl
    This basically gives your phone a 2nd option besides launching the dialer, circumventing the problem, at least until you can get updated firmware.

    • PuzzleShot

      My Galaxy Nexus isn’t, and it’s on stock jelly bean. The article even says that it isn’t vulnerable. First off, it doesn’t dial the number by itself. Second, the test says to ignore whatever happens if your phone is a Nexus.

  • TG

    no update..what version am I supposed to be on? help me kellex kenobi, you’re my only hope.

  • The inevitable joke: Verizon coming 2015.

  • SJ Prettyman

    What about those of us who can’t get the VZW update for the GS3? I’ve contacted VZW about getting a “service unavailable” error every time I check for an update….they have no clue what it is or how to “fix” it.

    • EndiSky

      Thank god that you’re not running unauthorized software with a rooted phone or Verizon might not be able to assist you! … Ohhhhh wait…. You are running authorized software that will damage your phone and they STILL can’t help you. Good luck SJ, I did a quick browse of
      http://forum.xda-developers.com/forumdisplay.php?f=1708 and did not see a solution. You might want to browse around there though.

    • PuzzleShot

      Did you try going into airplane mode, then turning on wifi, then searching for update?

      • SJ Prettyman

        Tried all that as well. VZW tech support even called Samsung, and the Samsung tech support did not even have a clue as to what is up.

  • So S3 is patched… but no other Galaxy phone was patched