Update, 7:40am EDT: Samsung tells us it's "currently in the process of conducting an internal review" into the situation with on the Galaxy S2 and other affected phones. Our own testing, and reports from readers, suggests that devices like the Galaxy S2 and Galaxy Note remain vulnerable to the USSD exploit.
Original story: Yesterday we reported on a particularly nasty security vulnerability in some Samsung smartphones, which could lead to a factory reset being triggered upon visiting a website containing malicious code. Phones confirmed to be affected included the Galaxy S2, Galaxy Beam and Galaxy Ace. Our testing on various Galaxy S3 models was inconclusive, though. Some models seemed vulnerable, while others were immune.
This morning, we have official confirmation from Samsung that Galaxy S3's around the world should indeed be protected from this exploit, assuming they're running the latest software update.
"We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update.
We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service."
Like Samsung, we always recommend keeping your phone up-to-date with the latest firmware. So if your Galaxy S3 phone is up-to-date, you shouldn't have anything to worry about. Of course, there's nothing in that statement about Galaxy S2-class devices, which our own tests, and reports from readers, have shown are still very much at risk from this latest vulnerability. We're sure Samsung will be hurriedly preparing updates for those devices, now that this exploit method is out in the open. Nevertheless, we'll update you with any new info they provide on the Galaxy S2 or other phones.
In the meantime, if you're still concerned that your Samsung phone may be vulnerable to the USSD bug, you can check our quick, easy USSD vulnerability test to see if you're protected or not.
- Related devices:
- Filed under: