A new security issue that’s affecting several flagship Samsung Galaxy devices is reportedly an inherent Android problem that’s fixable by an upgrade to Jelly Bean.
Handsets such as the Samsung Galaxy S3 and the Galaxy Note were recently discovered to be vulnerable to a so-called USSD exploit that allows hackers to call up the dialer and insert a malicious code that wipes the device clear without the user’s knowledge.
Some security experts claimed it was related to Samsung’s TouchWiz custom UI. However, hackers from the UK and South Africa are now claiming it also affects non-TouchWiz devices.
According to Android Police, the report wipe problem is “not even a Samsung issue” and has been long present on Android, with manufacturers very sluggish to issue patches. The site confirmed that any devices running Android 4.1 aka Jelly Bean, which protects against such exploits, are said to be safe.
“Nexus devices seem unaffected, but any unpatched device could be vulnerable (from any manufacturer) if the correct USSD code was pasted in place of the Samsung one that has been widely reported this morning.
“It would not be rocket science, then, to make this exploit work on an HTC device (we're hearing this is unpatched on all HTC phones).”
However, HTC has already refuted this claim saying its devices “do not support a USSD code to factory reset option”.
Samsung has already rolled out Jelly Bean update for the Galaxy S3 in Poland. It assured that other countries will start receiving it soon, but as usual will vary by market and network requirements.
If your device hasn’t received security update recently or is not running Jelly Bean, chances are it is still vulnerable. So we recommend you tread with caution when coming across suspicious looking sites.
Source: Android Police via Popherald