HomeInternetMalicious USSD code fixed for Galaxy S3, other TouchWiz phones still vulnerable

Malicious USSD code fixed for Galaxy S3, other TouchWiz phones still vulnerable

Malicious USSD Galaxy S3

It’s been a few days since the malicious USSD code capable of wiping off all data from some Samsung TouchWiz smartphones emerged and the South Korean conglomerate has already issued a fix for the Galaxy S3. While this release is said to eliminate the threat on the mentioned device, there’s no confirmation whether the issue on other handsets featuring the UI have been patched as well.

The issue came to life at security conference in Argentina where researcher Ravi Borgaonkar from the Technical University Berlin, pointed out the vulnerability that could wipe off all data from a Samsung phone on execution. The USSD code can be distributed in the form of a link, a QR code and even through sharing means like over Bluetooth and NFC.

“We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service, reads the official statement from Samsung sent to TechCrunch.

Unlike the Galaxy Nexus which has the stock launcher on-board, the TouchWiz UI seems to go out on a limb and execute the code in the dialer. The outcome here is a full wipe/reset of the phone’s memory. We’re not sure whether it affects the external SD card though, but that’s not like to happen.

For Samsung Galaxy S3 owners, the USSD code vulnerability has been patched and the company is releasing it through an OTA update.