In a stunning display of shortsightedness, Samsung has a USSD code that allows phones to be reset to factory settings. This wouldn’t seem bad if the codes could only be run by carriers, as they were expected to be, but when combined with an Android flaw (or is it a “feature”?) that executes USSD codes from browser links…
the USSD code to factory data reset a Galaxy S3 is *2767*3855# can be triggered from browser like this: <frame src="tel:*2767*3855%23" />
— Pau Oliva (@pof) September 25, 2012
This can be triggered through an SMS, scanning a QR code, clicking a link in the browser, or NFC.
Ouch.
Samsung is reporting that they have a fix in place for the Galaxy S III, so make sure you keep your phones up to date.
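A defender-side check for the vector described above, as an added example that is not part of the original post: it scans HTML for `tel:` URIs and flags those whose decoded number is a USSD/MMI-style code, marking whether the element loads without a tap (frame, iframe, meta refresh) or needs a click. The function names, the matching heuristic and the sample page are assumptions constructed for illustration; the sample uses the harmless `*#06#` (show IMEI) code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed heuristic: a USSD/MMI code starts with * or #, ends with #, and holds
# only digits, * and #. Ordinary dialable numbers (+, digits) do not match.
USSD_RE = re.compile(r"^[*#][0-9*#]*#$")
# (tag, attribute) pairs a browser fetches without any user tap.
AUTOLOAD = {("frame", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}

def ussd_in_uri(uri):
    """Return the decoded USSD code carried by a tel: URI, or None."""
    uri = uri.strip().strip("'\"")
    if not uri.lower().startswith("tel:"):
        return None
    number = re.sub(r"[\s\-().]", "", unquote(uri[4:]))  # %23 decodes to '#'
    return number if USSD_RE.match(number) else None

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (tag, decoded_code, loads_without_click)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        candidates = [(a.get(attr, ""), True) for t, attr in AUTOLOAD if t == tag]
        if tag == "a":
            candidates.append((a.get("href", ""), False))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(.+)$", a.get("content", ""), re.I)
            if m:
                candidates.append((m.group(1), True))
        for uri, auto in candidates:
            code = ussd_in_uri(uri)
            if code:
                self.findings.append((tag, code, auto))

def scan_html(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; *#06# (show IMEI) stands in for a harmful code.
SAMPLE = """<frameset><frame src="tel:*%2306%23" /></frameset>
<meta http-equiv="refresh" content="0; url=tel:%2A%2306%23">
<a href="tel:+15555550100">Call us</a>
<a href="tel:*%2306%23">tap</a>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

The same `ussd_in_uri` check can be applied to the text decoded from a QR code, an SMS link or an NFC record before it is handed to the dialer.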
In other news, there’s another 0-day Java exploit. Not many things require Java anymore. Uninstall it if possible.