It seems that Galaxy S III with the most recent firmware is not affected by this vulnerability anymore. When accessing a website that contains the code to trigger the vulnerability (e.g. killdroid.kenneth.io - thanks to Kenneth Auchenberg - @auchenberg) the dialer opens empty, with no code in it.
Em terça-feira, 25 de setembro de 2012 15h04min23s UTC-3, Jeffrey Walton escreveu: > > > http://www.ibtimes.co.uk/articles/387852/20120925/samsung-smartphone-hack-remote-wipe-galaxy-touchwiz.htm > > > Samsung smartphones including the Galaxy S3, Galaxy S2, Galaxy Ace, > Galaxy Beam and Galaxy S Advance all appear to be affected by the bug > which triggers a factory reset on your phone if your web browser is > pointed to a particular website. > > Smartphones can also be directed to the code through NFC or using a QR > code. Once the process has been initiated, users are have no way of > stopping it. > > If a user taps an NFC tag which has the website pre-loaded onto it, > there will be no warning for the user, which is the same if a user > scans a QR code with the website URL embedded in it. > > Only Samsung smartphones running the company's proprietary TouchWiz > user interface appear to be affected. > > According to telecoms engineer Pau Oliva, the Samsung Galaxy Nexus is > not affected, as it runs on stock Android and doesn't use the TouchWiz > skin on top. > ... > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/qlajrfrhBc0J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
