A line of malicious code embedded in a Web page can cause some Samsung Galaxy smartphones to lose all their data, security researchers said. Samsung said, yes, they are aware of the issue and a fix has been out for months.
The code, composed of 11 digits and symbols, ended up revealed at a security conference in Argentina, according to a published report.
Samsung issued a statement saying it has already dealt with the issue:
“We would like to assure customers that the recent security issue affecting the Galaxy S III has already been addressed in a software update. We believe this issue was isolated to early production devices, and devices currently available are not affected by this issue. To ensure customers are fully protected, Samsung advises checking for software updates through the ‘Settings: About device: Software update’ menu. We are in the process of evaluating other Galaxy models.”
Teri Daley, senior director of public relations at Samsung, said the company found the problem ended up addressed in a software update issued months ago, so only customers using older versions of the software would be vulnerable. She said the company was trying to determine the specific models and software versions affected by the vulnerability.
The Galaxy S III and some Galaxy S II smartphones are vulnerable to the attack. Daley said customers who downloaded the latest software should be safe.
Tim Strazzere, lead security engineer of Lookout, a mobile security firm, confirmed the attack worked only on Galaxy devices with older software. He said other phones with Android would not suffer from the malicious code, and he recommended phone owners always keep their software up to date. He also said Android users should use Google’s Chrome browser instead of the standard one on the phone.
Mobile devices are typically not as prone to running into viruses or malicious software as PCs, but smartphones have become bigger targets as their numbers have grown. Google in February introduced a security system called Bouncer, which analyzes Android apps for suspicious code to prevent malware from entering the Android app store.