According to this French website, a major security vulnerability affecting some Android handsets was disclosed at the Ekoparty 2012 Security Conference. It is possible to reset affected handsets to factory default settings, wiping all data in the process. The vulnerability exploits a “secret” code that triggers the factory reset automatically, without asking the user for any confirmation. That code is: *2767*3855#
Several methods are known to date for pushing that code to those handsets:
- SMS in Wap Push mode (where the user would have to click on a link)
- QR Code
- NFC Protocol
Or… if users visit a website where
<frame src="tel:*2767*3855%23" />
is contained in the HTML page.
So far, it has been confirmed to work against the Samsung Galaxy S3, Galaxy Beam, S Advance, Galaxy Ace and Galaxy S II, as well as some HTC devices.
As Korben wrote on his blog, there might be some interesting browsing experiences in store for those handset owners in the coming days.
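For anyone filtering or auditing web content, the frame vector described above can be detected by flagging tel: URIs whose dial string contains * or #. The following is an added example, not code from the original post or from Korben's blog; the names `mmi_code`, `TelUriScanner` and `scan`, the `AUTO_LOAD` list and the sample page are assumptions of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes a browser loads without a click (illustrative list, an assumption).
AUTO_LOAD = {"frame": "src", "iframe": "src", "embed": "src", "object": "data"}

def mmi_code(url):
    """Return the decoded dial string if url is a tel: URI carrying a
    USSD/MMI-style code (contains * or #), else None."""
    url = (url or "").strip()
    if not url.lower().startswith("tel:"):
        return None
    number = unquote(url[4:])  # %23 decodes to '#'
    return number if ("*" in number or "#" in number) else None

class TelUriScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, "auto" or "click", dial string)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in AUTO_LOAD:
            self._check(tag, "auto", a.get(AUTO_LOAD[tag]))
        elif tag == "a":
            self._check(tag, "click", a.get("href"))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0;url=tel:..."; keep what follows the first '='
            target = (a.get("content") or "").partition("=")[2]
            self._check(tag, "auto", target)

    def _check(self, tag, trigger, url):
        code = mmi_code(url)
        if code is not None:
            self.findings.append((tag, trigger, code))

def scan(html):
    """Return every MMI-style tel: URI found in an HTML document."""
    scanner = TelUriScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; the frame line is the one quoted in the article.
SAMPLE = """<frame src="tel:*2767*3855%23" />
<a href="tel:+33123456789">Call us</a>
<a href="TEL:%2A123%23">check balance</a>
<meta http-equiv="refresh" content="0;url=tel:*2767*3855%23">"""
```

Findings marked "auto" need no user interaction and are the ones to block outright; an ordinary phone number in a tel: link is not reported.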