Open-to-wipe Samsung Galaxy Series (english version)

German version is: here.

Someone just posted a nice way to wipe a Samsung Galaxy S3 without any call backs. Since the original source I’ve got via twitter is gone, here is a thread about it: http://forum.xda-developers.com/showthread.php?p=31994542 and here the YouTube video, which demonstrated it on a conference: http://www.youtube.com/watch?v=Q2-0B04HPhs

This is proved to work not only on Galaxy S3 but also on Galaxy S2 devices (test by me and others). I think all Samsung Android ROMs will behave like this.

For testing porposes, I will link to tias tweet which links to his demopage. This demo will wipe (at least S2 and S3 devices) witout any user interaction when opened on your phone!!!

https://twitter.com/tsia/status/250566154165301248

This demo will wipe (at least S2 and S3 devices) witout any user interaction, when opened on your phone!!!

The USSD code used (*2767*3855#) will also work when tramsmittes via MMS or coded in an NFC tag, but a web page has a lot more power than a single MMS. As it seems, there is no way to protect yourself against it, than not surfing any websites on your phone.

If you want to test if your phone also has this vulnerability, you can grab tsias source code and modify it for another USSD code which is more harmless, e.g. the one showing your IMEI number: *#06#.

I think you’d better have a backup of your phone. I love TitaniumBackup on Android for that job.

Update: This seems only to factory-reset your phone, not to wipe it completely. Media stored on the sd-card is not deleted, as mentioned on twitter:

3 Gedanken zu “Open-to-wipe Samsung Galaxy Series (english version)

  1. Pingback: Open-to-wipe Samsung Galaxy Serie | Nicos Blog

  2. Pingback: honeyn3t » those other guys are the shirts; we are the t-shirts… » Samsung Galaxy Phone Wipe Exploit

  3. Pingback: IT Secure Site » Blog Archive » Remote resetting a Samsung phone made easy

Hinterlasse eine Antwort

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *


drei × = 24

Du kannst folgende HTML-Tags benutzen: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>