A new exploit has just been discovered in the stock browser on many Android phones that could force an unstoppable factory data reset with no interaction on the part of the user. This exploit affects mainly Samsung phones – it’s been confirmed on the Samsung Galaxy S II, the Galaxy S Advance, the Galaxy Beam, and the Galaxy Ace. We are also hearing conflicting reports on the vulnerability of the Galaxy S III – some sources are saying that the international and AT&T versions of this device have already been patched, while other reports indicate that the AT&T version is indeed vulnerable. It is unknown at this time whether Sprint, Verizon, and T-Mobile variants are impacted, although other miscellaneous devices running older, stock versions of Android are also said to be susceptible.
This exploit allows for the execution of a dialer code, which is executed with a very simple line of HTML code embedded into an affected website. Therefore, just one tap on a malicious link could cause the phone to be reset and all data erased.
Samsung says it is looking into this, while this exploit has been patched in the most recent versions of Android. In the meantime, if you think your phone might be vulnerable, it would be wise to install a different browser such as Chrome or Dolphin, neither of which are affected by this exploit. As an added precaution, you might even consider disabling the stock browser in your app settings.