A security hole has been discovered that allows some Samsung Galaxy phones running TouchWiz to be automatically factory reset without warning. This includes the Samsung Galaxy S2.
The flaw was found by ex-Gadget Geeks presenter Tom Scott, among others. All an unsuspecting user has to do is open a webpage via a specific link and their phone will be wiped back to how it came in the box.
"The USSD code to factory data reset a Galaxy S3 is *2767*3855# and can be triggered from browser like this," wrote Scott.
Developer Tom Hutchinson, who has helped Pocket-lint work out the incredibly damaging bug, says that the security blunder affects the Samsung Galaxy S3 too. The Ace, the SGS2 and S Advance have also been found to be affected so far. "Most, if not all Gingerbread phones or newer running TouchWiz will be vulnerable," he claims.
The fear is that those looking to wipe out Samsung phones would be able to easily embed the code on a website without Galaxy owners even realising what is about to happen. It could easily be used in a QR code too, and unwittingly scanned by a user.
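One way software that passes a dial string from a link or QR code to the dialer could guard against this is to auto-dial only plain phone numbers and hold service codes for user confirmation. The sketch below is an added example, not code from Samsung, Pocket-lint or the researchers quoted; the function names and the policy are assumptions.

```python
import re
from urllib.parse import unquote

# Visual separators that commonly appear in written phone numbers.
_SEPARATORS = re.compile(r"[\s\-.()]")
# A plain number: optional leading "+", then digits only.
_PLAIN_NUMBER = re.compile(r"\+?\d{1,15}")
# A service (USSD/MMI-style) code: digits mixed with "*" and/or "#".
_SERVICE_CODE = re.compile(r"[*#\d]+")


def normalize(raw: str) -> str:
    """Undo percent-encoding (including nested encoding) and strip separators."""
    decoded = raw
    for _ in range(3):  # bounded, so "%2523" -> "%23" -> "#" is still caught
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return _SEPARATORS.sub("", decoded)


def classify(raw: str) -> str:
    """Return 'phone_number', 'service_code' or 'invalid' for a dial string."""
    s = normalize(raw)
    if not s:
        return "invalid"
    if _PLAIN_NUMBER.fullmatch(s):
        return "phone_number"
    if ("*" in s or "#" in s) and _SERVICE_CODE.fullmatch(s):
        return "service_code"
    return "invalid"


def may_auto_dial(raw: str) -> bool:
    """Hypothetical policy: only plain numbers go to the dialer unprompted."""
    return classify(raw) == "phone_number"


if __name__ == "__main__":
    # Constructed sample inputs; the reset code is the one quoted in the article.
    samples = ["+44 20 7946 0958", "*2767*3855#", "%2A2767%2A3855%23", "hello"]
    for sample in samples:
        print(f"{sample!r:24} {classify(sample):14} auto-dial={may_auto_dial(sample)}")
```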
In testing on the Pocket-lint SGS3, we've been unable to get the command to work. However, Arnoud Wokke, a journalist at Tweakers.net, claimed on Twitter that the bug affects the Samsung Galaxy S II and the Galaxy S Advance. He too was unable to get it working on the Galaxy Note or the Galaxy S III.
© copyright Pocket-lint 2012