Samsung's smartphones vulnerable to factory reset exploit
Samsung's Galaxy S3 smartphone can be remotely wiped by a single line of code.
The hack involves a line of USSD (Unstructured Supplementary Service Data) code being sent to the device from a website, NFC or a QR code which wipes it entirely. It was revealed by Ravi Borgaonkar at the Ekoparty security conference, according to Slashgear.
See also: Samsung responds to Galaxy S3 hack
If the device is sent the code, it automatically runs and triggers a factory reset. The user can see is taking place but can do nothing to stop the process. A similar USSD code could be used to kill, or 'brick' the SIM card rendering it useless.
Samsung devices using the TouchWiz software are affected which means it's more than the Galaxy S3 which is vulnerable. According to Slashgear, regular Android devices get the code but don't automatically run it like Samsung's.
Borgaonkar said: "Typically it (a USSD code) is used to send messages between a mobile phone and an application server in the network. Nowadays there are multiple services based on USSD, such as mobile banking, social networking (facebook, twitter), updating mobile software over-the-air, prepaid recharge/account balance info etc."
Samsung hasn't commented on the issue as yet.