Samsung quickly fixing HTML exploit on Galaxy S III, others

Samsung is reacting quickly to this week’s news of an HTML exploit that can wipe the data or factory reset the company’s Android phones running Samsung TouchWiz. On Tuesday, video of the exploit — which uses phone dialer codes — was shown on Samsung’s flagship phone, the Galaxy S III, but the issue applies to other Samsung devices as well. As a result, the company is quickly moving towards a fix that will be sent out as a software update, currently being tested.

According to the The Verge, Samsung has issued the following statement:

“We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update. We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.”

Although Samsung is specifically mentioning the Galaxy S III, it’s likely working on a widespread fix. The problem lies with TouchWiz, which is Samsung’s user interface on all of its Galaxy phone devices. By tapping an HTML link with a phone number — in this particular case, a number that takes action on the phone — the TouchWiz dialer automatically opens and begins to dial. The feature is meant as a convenience for phone numbers that are HTML links; not uncommon for smartphones.


GigaOM