Newly discovered Android security flaw can wipe your phone with the click of a link

Technology News Blog

A potentially devastating security flaw has been uncovered that affects a sizeable number of Android-based smartphones, including Samsung's flagship Galaxy S III. The exploit allows web pages to make your phone believe that a special service number called a Unstructured Supplementary Service Data (USSD) code has been dialed into it, including one that can instantly wipe all data on it. These codes are normally used by cellular carriers to perform diagnostics and other functions on your phone.

The problem has evidently been known for a while but requires software updates to phones in order to be eliminated. Samsung has updated its Galaxy S III software to address the flaw, but not everyone may be running the newest version. To check if you are, load your phone's Setting app scroll down to About Device. Tap that, then the Software Update tab at the top of the next screen that appears. Then, tap Update on the following screen. Your phone will check for updates and install the latest if you're running an older version.

Multiple other Samsung models, along with some from HTC and Motorola, are also said to be affected by the flaw. There are a few things you can do to protect yourself if you are using them.

The first is simply to avoid visiting links you're not sure are legitimate. Next, you can download and use an alternative dialer app (used for making calls) like Dialer One (download for Android) that won't automatically execute the USSD instructions. Finally — and most importantly — you should make a daily backup of your phone to your computer in the event it does get wiped. This is a good idea in general, but has become an especially crucial one given the discovery of this flaw.

[via Gizmodo]

This article was written by Randy Nelson and originally appeared on Tecca

More from Tecca: