Samsung Issues Software Update For Galaxy S III Vulnerability

By Kristin Bent
September 26, 2012    3:36 PM ET

Samsung released Wednesday an over-the-air update for a vulnerability discovered in its Galaxy S III smartphone that lets hackers remotely tap into and wipe personal data from the device.

The vulnerability was first discovered last week by Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, according to a report from ZDNet. Borgaonkar discovered that the way in which the Galaxy S III submits information to an application server leaves it vulnerable to a breach.

According to Samsung, users can update the software on their Galaxy S III smartphones to alleviate the risk.

"We would like to assure our customers that the recent security issue concerning the Galaxy SIII has already been resolved through a software update," a Samsung spokesperson told ZDNet. "We recommend all Galaxy SIII customers to download the latest software update, which can be done quickly and easily via the over-the-air (OTA) service."

If not addressed, Galaxy S III users run the risk of accessing a malicious line of code that sparks a factory reset on their phones. All personal information, as a result, will be wiped.

Samsung has not specified whether its Galaxy S or Galaxy S II smartphones are also at risk and did not immediately respond to a request for comment.

Samsung's Galaxy S line of smartphones runs Google's Android, a mobile operating system that has become increasingly susceptible to malware attacks, according to a recent report from F-Secure Labs, a Helsinki, Finland-based security company.

In the first quarter of 2012, F-Secure Labs found 37 new families and variants of Android-specific malware, a significant jump from the 10 variants it discovered in the first quarter of 2011.

Part of this increase was attributed to malware authors "Trojanizing" applications in an effort to bypass antivirus signature detection. Some authors are also Trojanizing bootleg copies of well-known apps, thereby capturing users' passwords and other information stored on their mobile devices.

PUBLISHED SEPT. 26, 2012
