Samsung issues patch for Galaxy S III TouchWiz UI security flaw


Samsung Electronics is releasing an over-the-air patch to repair a security vulnerability discovered in its flagship Galaxy S III smartphone.

Late last week, researchers revealed that clicking HTML5 code contained in Samsung's TouchWiz user interface could allow hackers to remotely reset the device, wiping out all of the user's personal data. According to security expert Ravi Borgaonkar, who demonstrated the flaw at a conference in Argentina, the vulnerability is a result of how TouchWiz processes unstructured supplementary service data codes that execute commands on the device's keypad, and can be exploited through web links, QR codes and SMS.

"We would like to assure our customers that the recent security issue concerning the Galaxy S III has already been resolved through a software update," Samsung told The Verge. "We recommend all Galaxy S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service." Samsung's Belgian unit confirmed via Twitter that it is testing the patch for the Galaxy S II, although the manufacturer has not yet commented on other devices with TouchWiz integration.

Samsung introduced TouchWiz in 2008. The customizable UI boasts specially designed widgets enabling users to personalize their mobile experience, enabling one-touch access to their favorite applications and features. Samsung relies on TouchWiz to help differentiate its smartphones from other devices running Google's (NASDAQ:GOOG) Android operating system.

For more:
- read this Verge article

Related articles:
Samsung updates TouchWiz UI for bada smartphone
Samsung debuts TouchWiz widget SDK
Samsung brings customizable TouchWiz UI to U.S.