A single line of code can trigger an automatic factory-reset of the Samsung Galaxy S III, security researchers have discovered.
Users of the smartphone are being warned that once started, there is no way of stopping the hack that gives potential to completely delete contacts, photographs, music, apps and other valuable data.
The discovery was revealed by Ravi Borgaonkar at the Ekoparty computer security conference in Argentina.
A demonstration (see video below) showed how the how the malicious 11-digit code can be embedded in the HTML code of a web page. If an unsuspecting Samsung Galaxy S3 owner visits such a page, their smartphone will be automatically restored to its factory settings.
The attack occurs within seconds of visiting the affected webpage and once launched there is nothing the phone user can do to stop it.
Worryingly, it is reportedly possible to double up on the attack, Borgaonkar says, including a USSD code that also kills the SIM card currently in the handset. In this way a single message could be used to wipe a phone and leave the user with a broken SIM too.
Samsung said a recent software update had now resolved the problem and urged all customers to download it as soon as possible.
A spokesperson said: "We would like to assure our customers that the recent security issue concerning the GALAXY S III has already been resolved through a software update.
"We recommend all GALAXY S III customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service."
According to the Telegraph, Mr Borgaonkar said he had uncovered more codes built into Samsung devices that could be used in other attacks but said he did not want to reveal them because they could be useful to criminals.