The flaw could allow hackers to completely wipe out stored data and was detailed by Technical University of Berlin’s Ravi Borgaonkar, who identified an execution path relying on USSD codes.
Borgaonkar noted Android’s use of the TEL protocol, which allows users to access their mobile devices’ functions from web browsers.
“Android dialer fails to differentiate between a phone number and USSD code,” writes Borgaonkar. And such an inadequacy could prove devastating for unpatched users.
Hackers could use a malicious link to target Android phones. “After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card. Even mobile operators can not fix the broken SIM card (as per my knowledge and 3GPP standard. If somebody knows how to fix such broken SIM cards, please let me know I have too many of them.),” Borgaonkar later states.
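The check the dialer was missing can be sketched as follows. This is an added example, not code from the article, from Borgaonkar or from Google's patch: it classifies a tel: link as a plain phone number or a USSD/MMI code before anything is dialed automatically. The function names, the accepted number format and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# '*' and '#' mark USSD/MMI codes; an ordinary phone number never contains them.
USSD_CHARS = set("*#")
# Assumed format for a dialable number: optional '+', digits, visual separators.
PHONE_RE = re.compile(r"^\+?[0-9][0-9\-\.\(\) ]*$")
# Pulls tel: targets out of href attributes in a page.
TEL_HREF_RE = re.compile(r"""href\s*=\s*["']?(tel:[^"'\s>]+)""", re.IGNORECASE)

def classify_tel_uri(uri):
    """Return 'phone', 'ussd' or 'invalid' for a tel: URI."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "tel":
        return "invalid"
    # Decode percent-escapes first: in a link, '#' usually arrives as %23.
    number = unquote(rest).strip()
    if USSD_CHARS & set(number):
        return "ussd"
    if PHONE_RE.match(number):
        return "phone"
    # Anything else (double-encoding, parameters, letters) is rejected.
    return "invalid"

def safe_to_autodial(uri):
    """Only plain phone numbers may reach the dialer without user confirmation."""
    return classify_tel_uri(uri) == "phone"

def find_ussd_links(html):
    """List tel: links in a page whose target is a USSD/MMI code."""
    return [u for u in TEL_HREF_RE.findall(html) if classify_tel_uri(u) == "ussd"]

# Constructed sample page; *123# is a placeholder code, not one from the article.
SAMPLE_HTML = """
<a href="tel:+49-30-5550100">Call us</a>
<a href="tel:*123%23">Special offer</a>
<a href='TEL:%2A123%23'>Another offer</a>
"""

if __name__ == "__main__":
    for link in find_ussd_links(SAMPLE_HTML):
        print("blocked USSD link:", link)
```

The classifier is deliberately conservative: a tel: URI that is neither a clean number nor a recognizable code is treated as invalid rather than passed on.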
Meanwhile, Samsung devices were found to be critically vulnerable to remote wiping. Android maker Google has since worked to patch the problem, and Borgaonkar noted it was initially discovered in June.