Samsung Issues Software Update For Galaxy S III Vulnerability


Samsung released Wednesday an over-the-air update for a vulnerability discovered in its Galaxy S III smartphone that lets hackers remotely tap into and wipe personal data from the device.

The vulnerability was first discovered last week by Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, according to a report from ZDNet. Borgaonkar discovered that the way in which the Galaxy S III submits information to an application server leaves it vulnerable to a breach.

According to Samsung, users can update the software on their Galaxy S III smartphones to alleviate the risk.

[Related: Samsung Launches First Windows Phone 8 Smartphone, Vows Commitment To Microsoft's OS]

"We would like to assure our customers that the recent security issue concerning the Galaxy SIII has already been resolved through a software update," a Samsung spokesperson told ZDNet. "We recommend all Galaxy SIII customers to download the latest software update, which can be done quickly and easily via the over-the-air (OTA) service."

If not addressed, Galaxy S III users run the risk of accessing a malicious line of code that sparks a factory reset on their phones. All personal information, as a result, will be wiped.

Samsung has not specified whether its Galaxy S or Galaxy S II smartphones are also at risk and did not immediately respond to a request for comment.

Samsung's Galaxy S line of smartphones run Google's Android, a mobile operating system that has become increasingly susceptible to malware attacks, according to a recent report from F-Secure Labs, a Helsinki, Finland-based security company.

In the first quarter of 2012, F-Secure Labs found 37 new families and variants of Android-specific malware, a significant jump from the 10 variants it discovered in the first quarter of 2011.

Part of this increase was attributed to malware authors "Trojanizing" applications in an effort to bypass antivirus signature detection. Some authors are also Trojanizing bootleg copies of well-known apps, thereby capturing users' passwords and other information stored on their mobile devices.

PUBLISHED SEPT. 26, 2012