clock menu more-arrow no yes mobile

Filed under:

Samsung TouchWiz vulnerability will wipe some phones after just clicking a link

New, 284 comments

Samsung is finding itself in a spot of bother this morning, as a particular piece of HTML code has emerged that, when clicked, instantly resets the Galaxy S II — and potentially other Android devices running the TouchWiz UI. Posted by Pau Oliva earlier today, the code was initially thought to affect the current flagship Galaxy S III model, however multiple negative reports and our own testing have shown that it only brings up the phone's dialer, failing to execute the full reset without user intervention. The latter is really the issue here: Samsung's software changes atop stock Android are allowing the GS II to automatically dial the hard reset code, taking away a critical aspect of user control.

The Galaxy S II is the only device we're certain is affected by the problem so far, though reports successfully recreating it on the Galaxy S Advance as well. We're in touch with Samsung to get a better idea of the full scale and depth of this vulnerability.

Update: We have now tested this flaw on an AT&T Samsung Galaxy S III and have confirmed it works on that carrier's version of the phone. Samsung tells us it's "looking into" the reports.