If you’re one of the proud owners of a Samsung smartphone with TouchWiz, such as the Galaxy S2 and some of the S3 models, you should be careful with the sites that you browse because there’s a new web hack that can initiate a factory reset on your smartphone without any user input required.
The web hack is basically just a malicious piece of code that is hidden inside the web page’s html codes, which can be triggered automatically when the phone visits it using the stock browser of a Touchwiz based smartphone (Google Chrome is an exception, as it is not vulnerable to the hack). The malicious code can spawn the dialer and use it to enter a bad USSD code that will reset the device back to its factory settings.
The USSD code to factory reset a Samsung Galaxy S3 is: *code*code#
…which can be triggered from a browser via the code: frame src=”tel:*code*code%??”
(note: not the actual ‘codes’, just a placeholder)
The code can also be delivered via URL, NFC or QR codes.
The devices that are vulnerable to the exploit are the Galaxy Beam, S Advance, Galaxy Ace, Galaxy S2 and Galaxy S3 with older firmware. However, Samsung phones running stock Android OS, like the Galaxy Nexus, are immune to this malicious code. So if you’ve got one of the aforementioned devices, you need to upgrade to the latest firmware and use Chrome as your browser, just to be sure.