A malicious code comprising just 11 digits and symbols can trigger an automatic factory-reset of the Samsung Galaxy S III. That means all of your previous data such as contacts, photographs, music, apps and other valuable data can be erased without permission or any input from you. Malicious hackers can hide a code in a Web page that will trigger automatic full factory-reset of the Samsung Galaxy S III. Code now circulating freely online, was revealed by computer security conference in Argentina.
Mr. Ravi Borgaonkar, a researcher, demonstrated how the code can be embedded in the HTML code of a Web page. If an unsuspecting Samsung Galaxy SIII owner visits such a page, their smartphone will be restored to its factory settings in just two or three seconds without permission or any input from them and user can do nothing to stop it. According to Mr. Borgaonkar demonstration code can also be embedded in a malicious text message, or called up in the Web browser by a QR code or NFC tag.
Watch video-Demonstration by Mr. Ravi Borgaonkar of major security vulnerability on Samsung Galaxy S3
As well as on the Galaxy S3, the code will also trigger a factory reset on the Galaxy S2 and other devices that use the Korean firm’s version of Google’s mobile operating system, Android. “It’s possible to exploit this attack only on Samsung devices,” said by Mr. Borgaonkar.
Mr. Borgaonkar has uncovered more codes built into Samsung devices that conforms to protocol known as USSD, can be used for more attacks. One code will “kill the SIM card”, he said, adding that the only way to guard against the attacks is to switch off "service loading" in settings, and disable QR code and NFC apps. But he said that he did not want to reveal them because they could be useful to criminals.
Tweets from Galaxy S3 owners who tested the code confirmed that it wiped their handset. On the contrary, some who use Google's Chrome browser said it would not automatically run the code, unlike the browser packaged with the device.
Mr. Rik Ferguson, Director of Research at Trend Micro, a computer security firm, said the disclosure of the vulnerability would be "painful" for Samsung.
But now Users can protect their Samsung Galaxy S III by recent software update, said by Samsung .This recent software update had now resolved the problem what experts described as “major security vulnerability". Samsung insisted all customers to download it as soon as possible.
"We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.", said by Samsung spokesperson.