Samsung TouchWiz vulnerability will wipe some phones after just clicking a link


Samsung is finding itself in a spot of bother this morning, as a particular piece of HTML code has emerged that, when clicked, instantly resets the Galaxy S II — and potentially other Android devices running the TouchWiz UI. Posted by Pau Oliva earlier today, the code was initially thought to affect the current flagship Galaxy S III model, however multiple negative reports and our own testing have shown that it only brings up the phone's dialer, failing to execute the full reset without user intervention. The latter is really the issue here: Samsung's software changes atop stock Android are allowing the GS II to automatically dial the hard reset code, taking away a critical aspect of user control.

The Galaxy S II is the only device we're certain is affected by the problem so far, though Tweakers.net reports successfully recreating it on the Galaxy S Advance as well. We're in touch with Samsung to get a better idea of the full scale and depth of this vulnerability.

Update: We have now tested this flaw on an AT&T Samsung Galaxy S III and have confirmed it works on that carrier's version of the phone. Samsung tells us it's "looking into" the reports.

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.