Samsung Galaxy phones vulnerable to remote wipe attack

Malicious hackers can hide a code in a web page that will trigger a full factory reset of Samsung’s best-selling Galaxy S3 smartphone, deleting contacts, photographs, music, apps and other valuable data, security researchers have discovered.

The code, now circulating freely online and comprising just 11 digits and symbols, was revealed at a computer security conference in Argentina.

Ravi Borgaonkar showed off the attack at the Ekoparty security conference, reports Slashgear. There he showed how a hacker could direct the user to a webpage where some malicious code could plunge them into a factory reset nightmare.

Borgaonkar’s talk, Dirty use of USSD Codes in Cellular Network, showed how the Unstructured Supplementary Service Data (USSD) protocol, which is commonly used, can be exploited by attackers.

Frustratingly, users can see the reset process kicking in but neither hitting back nor any other command will stop it. Apparently the code can also be used to destroy the SIM card too.

Although there’s no evidence that anyone is using this powerful line of code to mess with people’s Samsung phones (yet), the level of attention in the tech media means that some nefarious types may start.