
Update: Don’t go to strange links on either device, kids.

Woah, we’ve got some crazy news here that’s just come from the depths of the internet. The Samsung Galaxy S II can be exploited super easily, possibly allowing anyone to factory reset your device from inside the browser using a USSD code.

Basically, you can be sent to a website that opens up the dialer because it recognises a phone number. That phone number is actually a USSD code, and that USSD code is set up by Samsung to factory reset the device. Not a safe way to do it, Samsung, that’s for sure.

No doubt after hearing of this, a fix will be on the way very, very soon. Be sure to check out the video above to hear more about this exploit. In the meantime, be careful where you browse and don’t click on links if you don’t know where they lead.
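The check a link filter or dialer guard needs for the behaviour described above, as an added example (not code from the original post, Samsung, or any app mentioned here). It assumes the page reaches the dialer through a `tel:` URI; the function names and the sample page are hypothetical.

```javascript
// Added example: flag links that would hand a USSD/MMI code to the dialer.
// Assumption: the page reaches the dialer through a tel: URI (RFC 3966).

// Decode percent-escapes such as %2A (*) and %23 (#); fall back to the raw
// string when the escapes are malformed so the check still runs.
function decodeTel(raw) {
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw;
  }
}

// Returns "not-tel", "plain-number" or "ussd-like".
function classifyDialerUri(uri) {
  const m = /^\s*tel:(.*)$/i.exec(uri);
  if (!m) return "not-tel";
  // Drop RFC 3966 parameters (";ext=...") and visual separators.
  const number = decodeTel(m[1]).split(";")[0].replace(/[\s\-().]/g, "");
  // '*' and '#' never occur in an ordinary subscriber number; they mark
  // service codes that the handset may act on by itself.
  return /[*#]/.test(number) ? "ussd-like" : "plain-number";
}

// Collect every tel: URI in a page's markup that carries such a code.
function findUssdTriggers(html) {
  const hits = [];
  const telUri = /\btel:[^"'\s<>]*/gi;
  let m;
  while ((m = telUri.exec(html)) !== null) {
    if (classifyDialerUri(m[0]) === "ussd-like") hits.push(m[0]);
  }
  return hits;
}

// Constructed sample page; *#06# is the benign "show IMEI" code.
const samplePage = `
  <a href="tel:+61-2-5550-0100">Call us</a>
  <a href="tel:*%2306%23">Support</a>
  <a href="tel:%2A%2306%23">Sales</a>
  <a href="https://example.com/hotel:rooms">Rooms</a>`;

console.log(findUssdTriggers(samplePage));
```

Decoding before the check matters: a filter that only looks for a literal `#` misses the percent-encoded forms in the sample.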

Source: alejandrospamloco, Reddit.
7 Comments
Jakdaw
8 years ago

Here’s an app to prevent such requests getting from a website to the dialer:

https://play.google.com/store/apps/details?id=com.openmarket.protectsam

Guest
8 years ago

Exploit doesn’t work on Vodafone AU variant of SGS3 running software ver I9300TDULH1.

PointZeroOne
8 years ago

Yeah, my Galaxy S3 doesn’t parse the full code, just the * to the dialler.

Gee Bee
8 years ago

I BET YOU THAT THE BOYS FROM CUPERTINO DESIGNED THIS

Mark
8 years ago

Actually, based on this, the S3 is actually safe as this vulnerability appears to have been recently fixed in updates:

http://forum.xda-developers.com/showthread.php?t=1904629&page=5

Unfortunately the same can’t be said about many other phones at this point. It appears the bug dates back as far as Android 2.1 🙁

Jack
Reply to  Mark
8 years ago

Gizmodo has a video showing an S3 running 4.1 where this hasn’t been fixed.

Hikari0307
Reply to  Jack
8 years ago

Apparently most S3s were patched to fix this problem weeks ago. Some, on the other hand, are still affected~~ Though the Aussie 4G S3 is still affected or something, even though it came with 4.1~~
http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-devices-are-not-vulnerable-to-ussd-wiping-exploit-it-was-already-fixed-in-an-update/
http://www.gizmodo.com.au/2012/09/touchwiz-security-bug-could-wipe-your-samsung-galaxy-phone/