It’s bad enough when you clumsily manage to wipe a few odd bits of data off your phone by accident. But what if your entire phone was wiped, AND your SIM-card killed, remotely by hackers without you being able to do a single thing to stop them?
That’s the issue being faced currently by owners of the Samsung Galaxy S III, Galaxy S II, Galaxy Beam, S Advance and Galaxy Ace. Nearly all of Samsung’s major Android releases have been shown to be susceptible to a malicious hack that will see the entire contents of a user’s phone wiped clean.
The hack was outed by Ravi Borgaonkar at the Ekoparty security conference, detailing a simple USSD code (easily sent through a website, QR code or NFC pairing) that would perform an unstoppable, irreversible factory reset on affected handsets.
As well as the wipe, the hack can also be paired with another attack that breaks SIM-cards, meaning that even if you’ve got contact data backed up on the card, it too could be lost.
The problem seems to lie with an exploit in Samsung’s TouchWiz UI, which sees the handset run the code automatically rather than screen it first. Stock Android only shows the code in the dialler screen, and as a result the Samsung Galaxy Nexus (running stock, vanilla Android) is not affected.
So, how best to defend against the potential attack? As ever, be wary of clicking links that you don’t completely trust, but also switch off automatic site loading in whichever QR and NFC readers you’re using.
Check out the video below to see the hack in action: