Update: Don’t go to strange links on either device, kids.
Whoa, we’ve got some crazy news here that’s just come from the depths of the internet. The Samsung Galaxy S II can be exploited super easily, potentially letting anyone factory reset your device from inside the browser using a USSD code.
Basically, you can be sent to a website that opens the dialer because it recognises a phone number, but that phone number is actually a USSD code, and that USSD code is one Samsung set up to factory reset the device. Not a safe way to do it, Samsung, that’s for sure.
the USSD code to factory data reset a Galaxy S3 is *2767*3855# can be triggered from browser like this: <frame src="tel:*2767*3855%23" />
— Pau Oliva (@pof) September 25, 2012
No doubt after hearing of this, a fix will be on the way very, very soon. Be sure to check out the video above to hear more about this exploit. In the meantime, be careful where you browse and don’t click on links if you don’t know where they lead.
Here’s an app to prevent such requests getting from a website to the dialer:
https://play.google.com/store/apps/details?id=com.openmarket.protectsam
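The kind of check a filter like that could apply, as an added example (not code from this post or from the app linked above): it scans a page's HTML for tel: URIs that decode to a USSD/MMI code rather than a plain phone number. The function names, tag lists and sample page are made up for illustration, and the sample uses the harmless *#06# IMEI-display code.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes that can carry a URI (assumed list for this example).
URI_ATTRS = {"src", "href", "content"}
# Tags that load their URI without a click; the tweet used <frame> (assumed list).
AUTO_TAGS = {"frame", "iframe", "meta"}

def is_ussd(uri):
    """True if a tel: URI decodes to a USSD/MMI code, not a plain number."""
    uri = uri.strip()
    if not uri.lower().startswith("tel:"):
        return False
    dialed = unquote(uri[4:])  # %23 -> '#', %2A -> '*'
    return "*" in dialed or "#" in dialed

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, decoded tel: URI, loads_without_click)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URI_ATTRS or not value:
                continue
            if name == "content":  # meta refresh: content="0;url=tel:..."
                low = value.lower()
                value = value[low.find("tel:"):] if "tel:" in low else ""
            if is_ussd(value):
                self.findings.append((tag, unquote(value.strip()), tag in AUTO_TAGS))

def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; *#06# only displays the IMEI.
SAMPLE = """
<a href="tel:+61255501234">Call us</a>
<a href="tel:*%2306%23">Tap me</a>
<frame src="tel:*%2306%23" />
"""

if __name__ == "__main__":
    for tag, uri, auto in scan(SAMPLE):
        print(f"{'BLOCK' if auto else 'WARN '} <{tag}> {uri}")
```

The ordinary phone link passes, the tappable USSD link is flagged as a warning, and the frame that would open the dialer without any click is flagged for blocking.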
Exploit doesn’t work on Vodafone AU variant of SGS3 running software ver I9300TDULH1.
Yeah, my Galaxy S3 doesn’t parse the full code, just the * to the dialler.
I BET YOU THAT THE BOYS FROM CUPERTINO DESIGNED THIS
Actually, based on this, the S3 is actually safe as this vulnerability appears to have been recently fixed in updates:
http://forum.xda-developers.com/showthread.php?t=1904629&page=5
Unfortunately the same can’t be said about many other phones at this point. It appears the bug dates back as far as Android 2.1 🙁
Gizmodo has a video showing an S3 running 4.1 where this hasn’t been fixed.
Apparently most S3s were patched to fix this problem weeks ago. Some, on the other hand, are still affected~~ Though the Aussie 4G S3 is still affected or something even though it came with 4.1~~
http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-devices-are-not-vulnerable-to-ussd-wiping-exploit-it-was-already-fixed-in-an-update/
http://www.gizmodo.com.au/2012/09/touchwiz-security-bug-could-wipe-your-samsung-galaxy-phone/