Samsung Galaxy smartphones with the TouchWiz UI skin are susceptible to a USSD code hack, which triggers an unstoppable factory reset. The hack itself is easily triggered from malicious websites, QR codes or sent by NFC and wipes users’ phones immediately.
In order to successfully run onto a Samsung Galaxy smartphone, the hack must be either dialed in directly in the phones dialer or opened from a website using the stock browser.
Among the devices affected by the USSD code hack are the Galaxy S Advance, the Galaxy Ace, the Galaxy S II and the Galaxy S III. As far as we know Samsung is currently investigating the issue and is likely to come up with a fix or a statement soon.
Meanwhile, you can see the exploit in action demonstrated in the video below.
When tested on devices running pure Android or another user interface skin, the USSD code hack doesn’t do anything, so Galaxy Nexus users need not panic.
Update: After some research, it seems that the issue isn’t affecting TouchWiz devices only, but rather all Android devices not running the latest OTAs. The hack targets a bug of the stock Android browser, and that’s the reason old, not updated Samsung devices to experience the issue.