As you may have heard by now a serious vulnerability was found that could wipe everything off of Samsung Galaxy SII and SII. Through malicious links in a website, SMS, NFC beam or QR code, a factory reset can be performed on your phone! Although Samsung released a patch for the Galaxy SIII it appears that all Android devices less than Android 4.1.1 are affected until their manufacturers release patches.
Ravi Borgaonkar, a researcher in the Security in Communications department at Technical University Berlin, demonstrated the weakness at the Ekoparty security conference in Argentina last week. A single line of code embedded in a web page can be used to trigger a remote factory reset! Here is a video in case you want to watch the demonstration.
To check whether you are vulnerable Dylan Reeve has created a web page: http://dylanreeve.com/phone.php. If you visit this page with your mobile browser and your IMEI number pops up it means that you are vulnerable. I have checked it with my rooted HTC Desire, with the Dolphin browser and I am open to attack! Dylan Reeve explains in his blog how the remote USSD attack works.
Two apps have also been developed to protect against the vulnerability: Auto-reset blocker and TelStop. You can check them in Google Play. Of course always keep in mind that it isn't a good idea to click on unknown links or open unknown QR codes!
