PSA: Watch what sites you load

[Shabbypenguin]

Some of you may have heard the big news, there is a bit of html code that can remotely do a factory reset on your device while browsing around without your consent or way to stop it. the website has to have it setup and has to the stock web browser. since this exploit was released into the public it is unknown on if any sites may "maliciously" add it in. i cant confirm or deny that this device may be subject to this exploit, but its for teh best that you know anyways.

the code can be viewed via a frame on a website, so some jerk posting the html code into a comment isnt gunna make the site screw your phone up. so it has to be setup to run the exploit, but since it is only a few lines im sure a few sites already have ill intentions. if anyone would like to test their device with the exploit i have a secret page setup that i have been testing my devices on. if it doesnt affect your device than ill post about it here and everyone can breathe a sign of relief.

so far it seems its only samsung devices that are affected but many more could be.

 

[qandres12]

shabby ill test this. im restoring my phone back to stock anyways so i might as well. pm me the secret link

 

[Rxpert83]

It's only touchwiz Samsung devices from what I've read

 

[Shabbypenguin]

shabby ill test this. im restoring my phone back to stock anyways so i might as well. pm me the secret link

It's only touchwiz Samsung devices from what I've read

its the browser not touchwiz.

anyways may not be of any big concern, everyone is ranting about the sgs3 reset code since even the sgs2 has a diff code to reset it it means that the "exploit" may be on many devices but in order to effectively target them you would have to have every dialer code for every phone and i dont see that happening.

a more likley solution is someone who knows of lets say the admire or lg motion, builds a new site that gets a lot of google hits like lgmnotionrecovery.com or something of teh sort and expects lg motion owners to pull it up on their device

if you give me the dialer codes for this device ill make a page to test, im not gunna use teh factory reset one ill use something like debug menu etc

 

[qandres12]

its the browser not touchwiz.

anyways may not be of any big concern, everyone is ranting about the sgs3 reset code since even the sgs2 has a diff code to reset it it means that the "exploit" may be on many devices but in order to effectively target them you would have to have every dialer code for every phone and i dont see that happening.

a more likley solution is someone who knows of lets say the admire or lg motion, builds a new site that gets a lot of google hits like lgmnotionrecovery.com or something of teh sort and expects lg motion owners to pull it up on their device

if you give me the dialer codes for this device ill make a page to test, im not gunna use teh factory reset one ill use something like debug menu etc

the debug code for the dialer on the admire is ##33284#

 

[Shabbypenguin]

just confirmed its on teh prevail gb http://androidforums.com/samsung-ga...sa-watch-what-sites-you-load.html#post4999318

Exploit test to test without wiping your data. does this device have a dialer code to do a factory reset? or any other malicious kind of attack?

 

[qandres12]

just confirmed its on teh prevail gb http://androidforums.com/samsung-ga...sa-watch-what-sites-you-load.html#post4999318

Exploit test to test without wiping your data. does this device have a dialer code to do a factory reset? or any other malicious kind of attack?

yes it does have a factory reset code. i know because i type it in thinking it was a different code and it reset everything. i dont know what it is at the moment though

 

[Shabbypenguin]

yes it does have a factory reset code. i know because i type it in thinking it was a different code and it reset everything. i dont know what it is at the moment though

ok then. you guys are in teh same boat as teh prevail. id suggets using a different browser on sites you dont know etc

 

[qandres12]

ok then. you guys are in teh same boat as teh prevail. id suggets using a different browser on sites you dont know etc

it works. the site takes me to DATA menu. shabby what dialer code did you use?? i want to be able to disable the usb charging whenever i connect my phone to the computer since the computer doesnt charge the phone right. i can do that through the DATA menu just need the code

EDIT: nevermind i got it lol. shabby you are missed here

 

[enigmadroid]

I'll have the prawn please!