xda-developers:

Apparently the USSD code to wipe an S3 can be triggered in a browser iframe. Obviously this is bad bad BAD. Until there is a fix for this please keep your wits about you and avoid any hyperlinks to pages from untrusted sources.

Well this is pretty stupid. In fact, that’s a monumental fuck-up. The Galaxy S3 can be wiped by entering *2767*3855# on the keypad. As phone numbers can be embedded as a hyperlink using tel: in place of http:, setting the source of an iframe to this enters it automatically. It doesn’t need to be dialled, just entered.
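A defensive check for the behaviour described above, as an added example that is not from the original post or from xda-developers: a Python scanner that a proxy or content filter could run over fetched HTML to flag tel: URIs carrying a keypad code, separating iframe sources (loaded without a tap) from ordinary links. The names `tel_payload` and `scan`, the pattern for what counts as a keypad code, and the sample markup (which uses the harmless IMEI-display code *#06#) are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed heuristic: a keypad (MMI/USSD-style) code starts with * or # and ends with #.
KEYPAD_CODE = re.compile(r"^[*#][0-9*#]*#$")

def tel_payload(url):
    """Return the decoded keypad code carried by a tel: URI, or None."""
    url = unquote(url.strip())                  # %2A -> *, %23 -> #
    if not url.lower().startswith("tel:"):
        return None
    number = re.sub(r"[\s\-().]", "", url[4:])  # drop visual separators
    return number if KEYPAD_CODE.match(number) else None

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (trigger, tag, decoded code)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) == ("iframe", "src"):
                trigger = "auto"    # fetched as soon as the page renders
            elif (tag, name) == ("a", "href"):
                trigger = "click"   # needs the user to tap the link
            else:
                continue
            code = tel_payload(value or "")
            if code:
                self.findings.append((trigger, tag, code))

def scan(html):
    """Return every tel: URI in the markup that carries a keypad code."""
    scanner = TelScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; *#06# is the harmless "show IMEI" code.
SAMPLE = """
<a href="tel:+1-555-0100">Call support</a>
<a href="TEL:*%2306%23">tap me</a>
<iframe src=" tel:%2A%2306%23 " width="0" height="0"></iframe>
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An ordinary phone number in a tel: link is not reported; only findings with the `auto` trigger correspond to the iframe case described in the post.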

What’s even more concerning is the number of S3s that probably run carrier versions of Android, which means a critical update may not be seen anytime soon.

Remember, kids. Open is good.
