Bug in Samsung’s TouchWiz for Android Allows Devices To Be Factory Reset By Just Visiting a Web Link
Written on 25 September, 2012
Samsung seems to love being in the news, whether the reason is good or bad. Unfortunately for them, this time it’s yet another bad reason. As it turns out, a flaw has been discovered in Samsung phones that run the company’s own UI framework, TouchWiz. The flaw makes it easy for anyone to embed a small piece of code in a link, send it to the phone and wipe the device completely, without any user confirmation. Scary!
The code consists of a few numbers wrapped in an iframe. Once sent to the owner of a TouchWiz device by any means of communication, it can be used to wipe all data on the device as well as lock the SIM card being used. Devices ranging from Galaxy S 3 to Galaxy S 2, Galaxy Ace, Galaxy Advance and more have been tested and found susceptible to this flaw. One thing noticed during testing is that Chrome doesn’t allow the code to run, so it only works through the default Android browser.
Not all Samsung devices are affected, so if you’re lucky like us and own a phone with the stock Android experience, like the Galaxy Nexus, you’ll be safe from this vulnerability. A Galaxy S 3 running Jelly Bean has also been found to be immune to this bug: it opens the dialer but doesn’t execute the code.
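A defensive check for the pattern described above, as an added example that is not code from the original post: it scans HTML for iframes and other auto-loading elements whose source is a `tel:` URI, which a page has no ordinary reason to contain. It assumes the "numbers wrapped in an iframe" are a dialer code carried in a `tel:` URI; `findAutoDialFrames` and the sample markup are constructed, and the sample uses `*#06#`, which only displays the IMEI.

```javascript
// Added example (constructed). Assumption: the "numbers in an iframe" are a
// dialer code carried in a tel: URI that the browser hands to the dialer.
const TAG_RE = /<(iframe|frame|embed|object|img|script)\b([^>]*)>/gi;
const ATTR_RE = /\b(src|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Undo numeric HTML entities and percent-encoding ('#' usually travels as %23).
function decodeAttr(raw) {
  try {
    const s = raw.replace(/&#(x?)([0-9a-f]+);/gi, (_, hex, n) =>
      String.fromCodePoint(parseInt(n, hex ? 16 : 10)));
    return decodeURIComponent(s);
  } catch {
    return raw; // malformed encoding: fall back to the literal value
  }
}

// Return one finding per element that loads a tel: URI without a user tap.
function findAutoDialFrames(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const url = decodeAttr(attr[2] ?? attr[3] ?? attr[4]).trim();
      if (!/^tel:/i.test(url)) continue;
      const number = url.slice(4);
      findings.push({
        tag: tag[1].toLowerCase(),
        number,
        // '*' or '#' marks a dialer code rather than an ordinary phone number.
        dialerCode: /[*#]/.test(number),
      });
    }
  }
  return findings;
}

// Constructed sample page. *#06# only displays the IMEI on the handset.
const SAMPLE = `
<p>Special offer inside</p>
<iframe src="tel:*%2306%23" width="0" height="0"></iframe>
<a href="tel:+15550100">Call us</a>
<frame src='tel:&#42;&#35;06&#35;'>
<img src="/logo.png">
`;

for (const f of findAutoDialFrames(SAMPLE)) {
  console.log(`${f.tag}: tel:${f.number}${f.dialerCode ? '  <-- dialer code' : ''}`);
}
```

The ordinary `<a href="tel:...">` link is deliberately not flagged, because it does nothing until the user taps it.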
We are waiting to find out Samsung’s response to this issue.
Thanks to The Next Web for some of the findings.