Yesterday, we pointed out that hackers could remote-wipe certain Android-based Samsung smartphones like the Galaxy S III using a USSD exploit. All they have to do is hide a small code into any webpage or text—even barcodes—then once you click on it, the phone resets to factory settings in a matter of seconds. The video below shows just how easy it is.
As if that isn't scary enough, it seems that Samsung smartphones aren't the only ones vulnerable to these attacks. Other Android devices, such as the HTC One X and Motorola Defy, are susceptible to these attacks. The reason is because they share a dialer that executes an automatic factory wipe on the phone when the code is clicked on, without letting the user know.
These USSD codes are usually used by the carrier to check internal information and diagnose issues with the phone. The user can type the code into the dialer and execute it themselves. When the code is executed through a website, the command isn't supposed to be executed until the user clicks send. What the hackers have done is bypass the send option and just execute the wipe without the foreknowledge of the user.
To combat the problem, users can wait until Android fixes the problem with a firmware upgrade or users can download a third-party dialer app such as TelStop.
Want to master Microsoft Excel and take your work-from-home job prospects to the next level? Jump start your career with our Premium A-to-Z Microsoft Excel Training Bundle from the new Gadget Hacks Shop and get lifetime access to more than 40 hours of Basic to Advanced Instruction on Functions, Formula, Tools, & More.