Yesterday, we pointed out that hackers could remote-wipe certain Android-based Samsung smartphones like the Galaxy S III using a USSD exploit. All they have to do is hide a small piece of code in any webpage or text, or even a barcode, and once you click on it, the phone resets to factory settings in a matter of seconds. The video below shows just how easy it is.
As if that isn't scary enough, it seems that Samsung smartphones aren't the only ones vulnerable to these attacks. Other Android devices, such as the HTC One X and Motorola Defy, are also susceptible. The reason is that they share a dialer that executes an automatic factory wipe on the phone when the code is clicked on, without letting the user know.
These USSD codes are usually used by the carrier to check internal information and diagnose issues with the phone. The user can type the code into the dialer and execute it themselves. When the code is opened through a website, the command isn't supposed to be executed until the user clicks send. What the hackers have done is bypass the send step and execute the wipe without the user's knowledge.
To combat the problem, users can either wait until Android fixes it with a firmware upgrade or download a third-party dialer app such as TelStop.
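
The check a protective dialer needs is small: anything that looks like a service code is held for the user instead of being run. The sketch below is an added example, not TelStop's code or anything from the original article; it assumes the code reaches the phone as a `tel:` link, and the function names and sample links are constructed for illustration.

```python
import re
from urllib.parse import unquote

# '*' and '#' are what turn a dial string into a USSD/MMI service code.
SERVICE_CHARS = set("*#")
# An ordinary number: optional '+', digits, and common visual separators.
PLAIN_NUMBER = re.compile(r"^\+?[0-9][0-9\-\.\(\) ]*$")


def classify_dial_uri(uri: str) -> str:
    """Return 'dial', 'confirm' or 'reject' for a link handed to the dialer."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "tel":
        return "reject"
    # Decode once: '#' and '*' are often written as %23 and %2A in links.
    decoded = unquote(rest).strip()
    if not decoded:
        return "reject"
    if SERVICE_CHARS & set(decoded):
        # Never auto-execute: show the code and wait for the user to press send.
        return "confirm"
    number = decoded.split(";", 1)[0]  # drop ;ext= style parameters
    if PLAIN_NUMBER.match(number):
        return "dial"
    # Leftover '%' (double encoding) or other junk: do not pass it on.
    return "reject"


def triage(uris):
    """Group links by verdict so held or rejected ones can be shown or logged."""
    result = {"dial": [], "confirm": [], "reject": []}
    for uri in uris:
        result[classify_dial_uri(uri)].append(uri)
    return result


# Constructed sample links. *#06# only displays the IMEI; it stands in for
# any service code.
SAMPLE_LINKS = [
    "tel:+1-555-0100",
    "tel:*%2306%23",
    "TEL:%2A%2306%23",
    "tel:%252306%2523",
    "tel:+15550100;ext=12",
]

if __name__ == "__main__":
    for verdict, links in triage(SAMPLE_LINKS).items():
        print(verdict, links)
```
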