the Samsung Galaxy S III 4G was announced for Australia, a vulnerability was discovered
Here’s how it works:
A USSD code, or Unstructured Supplementary Service Data code, is used by carriers to trigger commands on your phone. If you’ve ever recharged with prepaid phone credit or gone and found your IMEI number via your phone app, you’ve used USSD.
This particular code isn’t anything out of the ordinary, either. The problem is that when you type it in to trigger a factory reset, the device is meant to stop before it executes the command and ask if you’re sure. That’s what’s missing here — confirmation. That means that anyone can show their friends a “cool trick” or social engineering can be deployed to lure people into resetting their phones.
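The missing step described above is a confirmation gate between recognising a service code and executing it. The sketch below is an added example, not Samsung's or Android's dialer code; the function names `classify` and `handle_dial`, the `confirm` callback and the sample dial strings are all hypothetical and constructed for illustration.

```python
import re

# Formatting characters a user might type between digits.
_SEPARATORS = re.compile(r"[\s\-().]")


def classify(dial_string):
    """Return 'number', 'service_code' or 'invalid' for a dial string."""
    s = _SEPARATORS.sub("", dial_string)
    if re.fullmatch(r"\+?[0-9]+", s):
        return "number"
    # Fail closed: anything carrying * or # is treated as a service code,
    # whatever its exact shape, so it can never be dialled silently.
    if re.fullmatch(r"[0-9*#]+", s) and re.search(r"[*#]", s):
        return "service_code"
    return "invalid"


def handle_dial(dial_string, confirm=lambda code: False):
    """Decide what the dialer does with the input.

    `confirm` stands in for the "are you sure?" prompt. It defaults to
    answering no, so a caller that forgets to wire up the prompt blocks
    the code instead of running it.
    """
    kind = classify(dial_string)
    if kind == "number":
        return ("call", dial_string)
    if kind == "service_code":
        if confirm(dial_string):
            return ("run_code", dial_string)
        return ("blocked", dial_string)
    return ("rejected", dial_string)


if __name__ == "__main__":
    # Constructed sample inputs: a phone number, two service codes, junk.
    for sample in ["+61 400 000 000", "*#06#", "*123#", "hello"]:
        print(sample, "->", handle_dial(sample))
```

The design point is the default: execution of a service code requires an explicit yes, and every other path ends in a call, a block or a rejection.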
Samsung says that the issue was fixed in Android 4.0.4 — a maintenance release for Ice Cream Sandwich. The handset we did it on is running Android 4.1.1 Jelly Bean, so why is it working?
We’ve reached out to Samsung for comment, but until then, don’t on any codes you aren’t sure of.