While the Android OS has penetrated deep into several segments of the consumer market, a shocking news comes in from a researcher with the telecommunications department of Technical University of Berlin, exposing a serious security loophole in the Samsung smartphones based on the Android OS.
Ravi Borgaonkar, at the Ekoparty Security Conference in Argentina, revealed that the security flaw allows the hackers to access the data that is stored on the handset by sending an SMS or by prompting the users to visit a malicious URL.
As claimed by the report, all the handset vendors use special USSD codes, which users can type on the dialpad in order to access support including “X06X” to know the IMEI number and another one to reset the handset. Borgaonkar pointed that one can create a website with the reset code in it and when a user visits a such a URL, which is *2767*3855# for Samsung, the code will be executed automatically and will wipe all the data from the handset.
It is quite shocking to know that a single code can wipe all the data of the smartphones remotely, but the whole interest is flooded with such reports.
According to a report by CNET, “The current, yet unofficial, list of devices affected by the potential exploit is said to include the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II. Each of these runs a version of Android with Samsung's own TouchWiz user interface."
Following this Samsung has claimed that it has issued a software update, which will address the problem on the Galaxy S3. The company also stated that it is checking if the other models are also affected.
"We believe this issue was isolated to early production devices, and devices currently available are not affected by this issue," the company said in a statement. "To ensure customers are fully protected, Samsung advises checking for software updates through the 'Settings: About device: Software update' menu. We are in the process of evaluating other Galaxy models."
At the same time, it is interesting to know that Galaxy Nexus made by Samsung is free from this vulnerability. Some reports claim that the Samsung handsets based on the TouchWIZ UI are the only ones that are affected.