USSD Attack on Android phones - a fix
You may have read about the risk of a remote wipe of your precious Samsung Galaxy via a pile of nasty code that makes your phone dial a USSD code that initiates a factory restore (and even SIM suicide).
If not, read this or The Verge, which replicated it on the Samsung Galaxy S3: http://mobile.theverge.com/2012/9/25/3403928/samsung-touchwiz-reset-vulnerability
The proof of concept shows that the restore/wipe, once initiated, cannot be stopped by the owner, unless you pull the battery, which will most likely have the same result or worse: a bricked phone!
The problem seems to be mainly the TouchWiz dialler, which apparently allows USSD codes to run automatically. But there is ample evidence that HTC One devices and other Androids are susceptible, too. In fact, some claim HTC devices are more vulnerable, while certain Samsung firmwares have been patched already (see below).
Now, until there is a proper response from Samsung and co., there is a solution: install a third-party dialler and make it the default.
Dylan Reeve posted the solution on his blog and provides some evidence to
support his approach.
Check it out here
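
The check an interposing dialler has to make before acting on a dial string, sketched in Python as an added example (not code from Dylan Reeve's post or from any real dialler). It assumes the code reaches the handset as a `tel:` URI; the function names and outcome labels are hypothetical, and the sample inputs are constructed around `*#06#`, which only displays the IMEI.

```python
import re
from urllib.parse import unquote

SEPARATORS = re.compile(r"[\s\-().]")      # visual separators allowed in numbers
PLAIN_NUMBER = re.compile(r"\+?\d+")       # optional leading +, then digits only

def dial_string(uri):
    """Return the percent-decoded dial string of a tel: URI, or None."""
    scheme, colon, rest = uri.strip().partition(":")
    if not colon or scheme.lower() != "tel":
        return None
    # Decode once, so "%23" is seen as "#"; tolerate the common "tel://" form.
    return unquote(rest.lstrip("/"))

def classify(uri):
    """Decide what a dialler should do with a URI handed to it.

    'ignore'  - not a tel: URI
    'hold'    - contains * or #, i.e. a USSD/MMI code: show it, never auto-run
    'prefill' - plain phone number: put it in the dial pad as usual
    'reject'  - anything else (for example a doubly encoded string)
    """
    s = dial_string(uri)
    if s is None:
        return "ignore"
    if "*" in s or "#" in s:
        return "hold"
    number = SEPARATORS.sub("", s.split(";", 1)[0])  # drop ;parameters
    return "prefill" if PLAIN_NUMBER.fullmatch(number) else "reject"

# Constructed sample inputs; *#06# only displays the IMEI.
SAMPLES = [
    "tel:+44-20-7946-0958",
    "tel:*%2306%23",
    "TEL://*#06#",
    "tel:%252306%2523",
    "https://example.com/",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{classify(uri):8} {uri}")
```

The percent-decoding step matters: a filter that looks for a literal `#` in the raw URI misses the `%23` form.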