Yesterday, we reported on a major security flaw within TouchWiz on the Galaxy S III, among a handful of other Samsung devices. The issue allowed the devices to be remotely wiped, leaving the user helpless. To double up on the attack, the attacker could also make the SIM card completely useless, which, in many respects, is more disastrous than the smartphone wipe.
With the S III being the Korean company’s flagship handset, such a problem couldn’t linger – particularly with the iPhone 5 and Lumia 920 ready to pounce on uncertain consumers – but Samsung has been pretty prompt in releasing an over-the-air (OTA) update which, it says, fixes the issue.
That’s all well and good if you’re running Samsung’s powerhouse, but it now looks as though the problem affects other devices running Android versions from three months ago or older.
As consumers of mobile devices, two of our highest priorities are security and privacy, and if either of those two is in jeopardy, all hell can break loose. Samsung has avoided an escalation of the situation by pushing out a quick fix, but consumers running other devices are in something of a limbo.
Dylan Reeve, a general techie who has developed a vested interest in this field, is the guy responsible for discovering that the USSD problem can affect other, non-Samsung devices. He has developed a method to check whether your device is susceptible, and you can test your device by going over to http://dylanreeve.com/phone.php
The problem is said to be with Android’s phone dialer. While it was patched about three months ago, not all phone manufacturers have patched it and pushed a security update, nor have all users installed all the available updates on their handsets.
The first thing that you must do now is to install any patches or updates that may come your way. You can also install an alternative dialer onto your device, one that doesn’t automatically dial the potentially malicious code. A simple search over at the Google Play Store will return a bunch of dialer alternatives.
This particular security flaw was a tad more of an eye-opener than usual, since its consequences were as bad as could be. A wipe of an entire device shouldn’t be too much of a problem given the various methods of backing up one should undertake, but a 64GB non-backed-up device relieved of all content would be a real hassle to sort out.
The SIM issue, which, like the data wipe bug, can be triggered by one line of USSD code, is capable of rendering a SIM card obsolete. Hence, although an OTA should sort out S III users, all Android users should head over to Reeve’s site and check if they’re at risk.