Reports that Galaxy S2, Galaxy Beam, S Advance, and Galaxy Ace are also vulnerable have been popping up.
The reset to the factory settings and complete wipe of the contents is achieved via a simple USSD (Unstructured Supplementary Service Data) code delivered to the device via a specially crafted webpage or QR code, pushed by NFC, or even via a remotely triggered call to the specially crafted webpage via WAP push messages.
Samsung has pushed out a fix for the Galaxy S3 phones yesterday, but there is still no news on when the fixes for the other phones will be made available.
In the meantime, two researchers have created applications that deflect the attack. Collin Mulliner, a researcher with Boston's Northeastern University's SECLAB, has offered the TelStop app, and Joerg Voss has developed and published NoTelURL - both of which install an additional TEL URL handlers, pop up a warning when the user is faced with a TEL link and then ask whether he wants to follow it.
Users who want to known whether their phone is vulnerable to the attack can surf to a "USSD Check" page set up by H-Online, which has embedded a command that asks the phone to display its serial number (IMEI). If it does so without asking for permission, the phone can be remotely wiped without the user's consent.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.