Hidden Web Code "Wipes Out" Data on Samsung's Galaxy S3 Smartphones (Update)
*Update: Samsung issued a statement assuring Galaxy S III users that the security issue has been resolved. Users are recommended to download the latest software update via Over-The-Air (OTA) service.
Samsung - "We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service."
A malicious code, said to be circulating online, may be embedded in HTML codes to erase the entire slate on Samsung's Galaxy S3 handsets. In other words, Galaxy S3 owners who happen to log in to the compromised web page might find their smartphones restored factory default settings without explicit permission given.
Precious data such as contacts, photographs, music, and apps would be wiped clean without warning. Its workings were demonstrated by Ravi Borgaonkar, a researcher based at the Technische Universität Berlin, during a security conference held in Argentina.
According to Mr Borgaonkar, the code consists of just 11 digits and symbols, plus it only requires two to three seconds to do its job. He also added that "once launched, there is nothing a Samsung owner can do to stop it". Samsung is now hard-pressed to deliver a software update to address this issue, in what experts call a "major security vulnerability".
Apart from web pages, the code can also be embedded in a text message, or a web page triggered by a QR code or NFC tag. However, it seems like the Galaxy S3 isn't the only Samsung phone at stake here. Apparently, any Android-based Samsung phone is at risk, and that includes the Galaxy S2 launched last year.
Tweets from Galaxy S3 owners who tested the code confirmed that it did "wipe out" their handsets. On the contrary, those who use Google's Chrome web browser suggest it does not automatically run the code, unlike the stock browser packaged with the device.
Samsung has yet to comment on this matter.