So, from what I can tell, this *only* affects certain "TouchWiz" devices.
On standard Android, it will launch the dialler - but the user has to hit the dial key for anything to happen.
And, depending on their device, hitting dial will try to send the code as a USSD rather than processing it internally.
Until Samsung issue an update there's little you can do other than replace the TouchWiz dialler.
I wonder, even if it opens the dialer, should we be worried?
What if it is dialed automatically and shown a bit later?
The dialer display lag is something playing up.
JB 4.1.1
Surely it depends if the browser is a system app or not?
If it is a system app, chances are it has permissions to dial out; if not, it won't.
edit:
If you are on an ICS ROM please try this from whatever browsers you have installed and let me know which browser, if it's a system or data app and what happens.
http://ninpo.qap.la/test/index.html
That link is safe! It triggers a safe USSD code, not the wipe one.
It seems that there is something different.
My SGS 3 4.0.4 uses this default dialer ("Phone" app):
SSLHTTP dl.dropbox .com/u/2188108/Screenshot_2012-09-25-15-33-29.png
But, someone here posted this article:
dylanreeve.posterous .com/remote-ussd-attack
... where Phone app looks quite a bit different. Huh?
That may explain why it does not work on my device.
All current S3 firmware should be patched; Samsung were informed of this issue some months ago and actively fixed it.
HTC for that matter is still wide open and maybe other companies too.
It's looking like this is the case. Do you have a source for that information?
I spoke with the guy who told Samsung to patch it; he told them about 3 months ago.
He didn't tell anyone else.
Ok, so confirmed: if you are on the latest S3 ROM (and maybe other Samsung phones) your phone should no longer auto-launch the USSD code to do a factory reset.
The USSD code to factory data reset a Galaxy S3 is *2767*3855#; it can be triggered from a browser like this: <frame src="tel:*2767*3855%23" />
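
Added example, not part of the thread or of any poster's code: a content-filter check that flags `tel:` URIs carrying MMI/USSD characters (`*` or `#`, including percent-encoded forms such as `%23`) and records whether the element loads without a tap, as the `<frame>` above does. The `AUTOLOAD` tag list and the sample page (which uses the harmless `*#06#` IMEI display code) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed list: elements whose URL attribute is fetched without a user click.
AUTOLOAD = {"frame": "src", "iframe": "src", "img": "src",
            "script": "src", "embed": "src", "object": "data"}


def is_mmi_tel_uri(url):
    """True if url is a tel: URI whose number holds '*' or '#' once decoded."""
    url = url.strip()
    if not url.lower().startswith("tel:"):
        return False
    number = unquote(url[4:])            # %23 -> '#', %2A -> '*'
    return any(c in "*#" for c in number)


class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []               # (tag, decoded number, auto-loaded?)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url, auto = None, False
        if tag in AUTOLOAD:
            url, auto = attrs.get(AUTOLOAD[tag]), True
        elif tag == "a":                 # needs a tap, still worth reporting
            url = attrs.get("href")
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0;url=tel:..."
            target = (attrs.get("content") or "").partition("=")[2]
            url, auto = target.strip(" '\""), True
        if url and is_mmi_tel_uri(url):
            self.findings.append((tag, unquote(url.strip()[4:]), auto))


def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; *#06# only displays the IMEI.
SAMPLE = """<html><body>
<frame src="tel:*%2306%23" />
<a href="tel:+15550100">Call us</a>
<a href="TEL:%2A%2306%23">tap</a>
<meta http-equiv="refresh" content="0;url=tel:*%2306%23">
</body></html>"""
```

Findings with the auto-loaded flag set are the ones that reach the dialler without any interaction; the ordinary `tel:+15550100` link is not reported.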