UPDATE2: Lennyuk has confirmed that you shouldn't be affected by this so long as you're using the latest S3 rom.
UPDATE: Here is a video of this vulnerability being performed at Ekoparty 2012 over the weekend: http://www.youtube.com/watch?v=Q2-0B04HPhs
I'll keep this quick in order to make sure everyone is aware of this exploit that has been published. I found it here: http://www.exquisitetweets.com/collection/tomscott/1762
Apparently the USSD code to wipe a S3 can be trigged in a browser iframe. Obviously this is bad bad BAD. Until there is a fix for this please keep your wits about you and avoid any hyperlinks to pages from untrusted sources.
MOD EDIT: workaround here
Ok so confirmed, if you are on the latest S3 rom (and maybe other samsung phones) your phone should no longer auto-launch the USSD code to do a factory reset.
UPDATE: Here is a video of this vulnerability being performed at Ekoparty 2012 over the weekend: http://www.youtube.com/watch?v=Q2-0B04HPhs
I'll keep this quick in order to make sure everyone is aware of this exploit that has been published. I found it here: http://www.exquisitetweets.com/collection/tomscott/1762
Apparently the USSD code to wipe a S3 can be trigged in a browser iframe. Obviously this is bad bad BAD. Until there is a fix for this please keep your wits about you and avoid any hyperlinks to pages from untrusted sources.
Code:
the USSD code to factory data reset a Galaxy S3 is *2767*3855# can be triggered from browser like this: <frame src="tel:*2767*3855%23" />
MOD EDIT: workaround here
Last edited: