An Android developer/researcher has discovered a major flaw in the way Samsung phones like the Galaxy S2 and Galaxy S3 interact with unstructured supplementary service data (USSD) code.
Ravi Borgaonkar, the researcher who found the issue, said most phones require users to hit the "dial" button before completing the code, but Samsung's unique TouchWiz interface means their devices do not.
This makes Samsung's handsets vulnerable to a string of malicious code that can not only erase a SIM card in its entirety, but can also restore a phone to its factory default settings remotely.
In both instances, the action happens without warning, and will wipe out all pertinent data before a user even knows what has happened.
Samsung not the only maker at risk
Though Borgaonkar has tested this hack out with the Samsung phones, he believes there may be more devices vulnerable to the malware, depending on what version of Android they are operating.
The malware targets specifically Android 2.3, 3.0: Honeycomb, 4.0: Ice Cream Sandwich, and 4.1: Jelly Bean.
As such, HTC, Sony, and Motorola devices could potentially be at risk, including phones like the HTC One X, Motorola Droid Razr M, and Sony Ericsson Experia Active.
According to Borgaonkar, Android Security was made aware of the flaw in June, and has pushed an update out to all carriers to help prevent the hack from taking hold.
The best way for consumers to stay out of trouble is to make sure the latest updates have been installed, and to avoid suspicious links, apps, or QR codes that could be carrying the infecting code.
TechRadar has reached out to Samsung, and will update this story if and when they return request for comment.
Via SlashGear, Ravi Borgaonkar
