Word’s been spreading this morning of a newly-discovered attack on Samsung phones running TouchWiz, which has the potential to let a hacker remotely perform a factory reset on your smartphone, erasing all your data in the process. Just what’s the issue here, and do you have cause to worry about your data?
Like any smartphone, Samsung models have features that can be triggered by entering the appropriate code string in the phone’s dialer. One such USSD code on TouchWiz-running handsets can be used to quickly perform a factory data reset. That’s not a super-big concern on its own, but today’s news claims that putting a telephone link containing that string on a webpage, even embedded in a hidden frame, could still send the code to the phone’s dialer, triggering the wipe with no user action.
Here’s where things get confusing. The guy who put out the warning call about this attack has since taken his notification down, upon reports that the exploit is not as easily triggerable via embedded frame as he thought. Some curious users have tried things themselves, and reported it not working. On the other hand, others say that it is wiping devices, and point to a number of ways to trigger the event on a victim’s phone.
For the moment, we’d advise not crawling down the dark corners of the internet on your Samsung TouchWiz Android, at least until Samsung has a chance to respond to this news and we learn the full extent of its impact.