UPDATED: Samsung Galaxy S3 ‘can be wiped’ using hidden web code

Attendees at a security conference were left stunned when a researcher demonstrated how a hidden web code could allow a Samsung Galaxy S3's data to be completely wiped.

The code, which is currently available online and consists of 11 digits, was unveiled at an event in Argentina, the Telegraph reported.

South Korean firm Samsung has since issued a software fix, which it says will eradicate the problem.

In a statement it said: "We would like to assure our customers that the recent security issue concerning the Galaxy S3 has already been resolved through a software update.

"We recommend all Galaxy S3 customers to download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service".

Vulnerability

Security researcher Ravi Borgaonkar, based at the Technische Universitat Berlin, had shown conference attendees how the code can be embedded in the HTML code of a web page. If a Samsung Galaxy S3 owner visits such a page, the smartphone will automatically restore itself to factory settings – deleting all data without allowing the user to cancel the operation.

All Samsung devices that use the Android operating system including the Galaxy S2 were affected, but other Android devices such as those on HTC were not, according to Borgaonkar.

In his presentation, Borgaonkar showed how the code could be imbedded into a text message or be put into the web browser using a QR code or NFC tag.

He warned that there were other codes built into Samsung devices that left them vulnerable – one, apparently, can be used to shut down a SIM card – but did not want to disclose further details for fear of criminal activity.

Before the software update was released Borgaonkar advised those with Samsung devices that run on Android to switch off "service loading" in settings and disable QR code and NFC apps.