http://www.stuff.co.nz/technology/gadgets/7732438/Security-risk-for-millions-of-Android-users
Security risk for millions of Android users
Sophos, said the flaw served as a "wake up call" to users who didn't back up their smartphones.
"This just emphasises the importance of regular and current back-ups, doesn't it?" he said. "Whether you do them into the cloud ... or to a USB drive."
How the hack works
Manufacturers like Samsung use special USSD codes that can be typed into the dial pad by end-users to make it easy for handset makers and telcos to do support over the phone with their customers. One such code - *#06# - is used to display a phone's IMEI number on the screen. Another code resets the phone.
What Borgaonkar discovered was that a person could craft a website with the reset code embedded - in Samsung's case *2767*3855# (do not type this into your phone!) - and get the code to automatically run when a user visited it.
A hacker could also exploit an affected phone by getting a user to scan a malicious QR code or by sending them a malicious SMS or NFC transmission.
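A sketch of the defensive check a dialer could apply to dial strings arriving from the channels described above (added example, not from the article or from any vendor's fix): service codes from untrusted sources are shown for confirmation and never run automatically. The source labels, function names and the `tel:` prefix handling are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Delivery channels the article names; input from any of them is untrusted.
# The label strings themselves are hypothetical.
UNTRUSTED_SOURCES = {"web", "qr", "sms", "nfc"}

_SEPARATORS = re.compile(r"[\s\-().]")    # visual separators in phone numbers
_PLAIN_NUMBER = re.compile(r"\+?\d+")     # optional +, then digits only


def normalise(dial_string: str) -> str:
    """Canonicalise before checking: drop a tel: prefix (assumed transport),
    percent-decode once, and remove visual separators."""
    s = dial_string.strip()
    if s.lower().startswith("tel:"):
        s = s[4:]
    s = unquote(s)
    return _SEPARATORS.sub("", s)


def decide(dial_string: str, source: str) -> str:
    """Return 'dial', 'confirm' or 'block' for a dial request.

    'dial'    - pass to the dialer as usual
    'confirm' - display the code and wait for explicit user approval
    'block'   - refuse (empty or malformed input)
    """
    s = normalise(dial_string)
    if not s:
        return "block"
    if _PLAIN_NUMBER.fullmatch(s):
        return "dial"
    if "*" in s or "#" in s:
        # A service code, not a number to call: never auto-run it
        # unless the user typed it on the keypad themselves.
        return "confirm" if source in UNTRUSTED_SOURCES else "dial"
    # Leftover characters (e.g. a doubly encoded value) fail closed.
    return "block"


if __name__ == "__main__":
    # Constructed sample inputs; *#06# is the IMEI display code from the article.
    for raw, src in [("*#06#", "web"), ("tel:*%2306%23", "qr"),
                     ("tel:+64 4 555 0100", "web"), ("*#06#", "keypad")]:
        print(f"{src:7} {raw!r:24} -> {decide(raw, src)}")
```

The check runs on the normalised string, so an encoded code is classified the same way as a plain one.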
Devices identified as being affected include