Three days ago, a researcher at the Berlin Institute of Technology presented a security vulnerability in the software of the Samsung Galaxy S III that allows an attacker to send USSD codes which the handset executes automatically.
In this way, a handset can be reset to factory settings and, depending on the handset and the special codes it accepts, other forms of attack are conceivable.
Samsung subsequently released a statement saying that this bug belongs to the Android platform. Indeed, the bug was already known and is corrected in Android 4.1, but not all handsets are equally exposed to it. Depending on the implementation, some models will only display a USSD code delivered through a web page, QR code or NFC tag, while others will execute the operation directly, as the handset in the demonstration did.
To prevent potential problems, BitDefender has released a protection tool. Available in the Google Play Store, BitDefender USSD Wipe Stopper tests whether the handset it is installed on is vulnerable and intercepts all calls to the Dialer application that could trigger the problem.