Update: Samsung Browser Exploit May Wipe Your Device – Be Aware

Update: This could potentially affect ANY Android device that has a remote wipe code

Update 2: As per Glenn Blair (writer for LoD), basically we have 2 issues: 1) can your dialer accept code from the browser and auto dial (MOST STOCK DIALERS WILL DO THIS, EVEN ON AOSP), and if so 2) does your device have a full wipe code (or worse) – Samsung and HTC use these, not sure on other devices

Update 3: @TeamAndIRC: The USSD code issue in the SGS3 is patched, and has been for some time. Current i747 and i9300 firmware are not vulnerable.

Update 4: There are a lot of workarounds for this, such as using Opera as your primary browser; however, Dylan Reeve (@dylanreeve) just tweeted us with another solution you may want to take a look at

 


You may or may not have seen tweets or posts by some of the other Android sites out there advising that an exploit has been found with certain Samsung devices running the TouchWiz dialler.

It seems that the exploit only works when you are using the stock browser, as I have tested with Chrome, Firefox and Opera, with Opera being the safest and not actually opening the dialler if the exploit is located on the site.

Unlike a lot of sites, I choose not to post what the exploit is, as it only serves to promote the issue and will no doubt bring about a selection of idiots putting pages together with the exploit in there.

So the caution is this – be careful what you browse and if you hit a site that opens your dialler then you should be prepared that this may wipe your device.

As of yet Samsung have not commented on the situation.

Via: Pau Oliva (Twitter)


John is the Editor-in-Chief at Land of Droid and considers himself a connoisseur of all chocolate deep fried (such as the Mars Bar) and Irn Bru. Based just outside of Glasgow in Scotland he is married with 3 young daughters and has always carried a passion for writing technology news since his early days writing as a reviewer and news writer on tracyandmatt.co.uk. You can get in touch with John by emailing john@landofdroid.com
