It has been revealed that some Android-powered products are vulnerable to a browser-based exploit that will hard reset the phone and wipe all of your data.
The exploit has come to our attention via a demonstration posted to YouTube shot at Ekoparty 2012 (video above), showing how a direct-dial feature in the stock Android browser can execute a USSD service call and launch a command to wipe the phone. The problem, of course, is that if you see on your phone what is demonstrated in the video, it's already too late.
To test whether your phone is vulnerable to an attack, you can follow this link through your phone's stock browser. This will execute a similar process to the exploit, but instead of the service call wiping the phone, it will display your phone's IMEI number. If you see the IMEI number, your phone is vulnerable. If it only launches the phone's dialler without placing the service call, you should be OK. We tested this link with a new Galaxy S3 4G, and were pleased that while the dialler launched, the USSD code wasn't executed.
If you are vulnerable, see whether you can update the firmware on your phone. The latest information is suggesting that this is an older issue with Android products, and that the bug has been squashed in the most recent firmware builds for many of the latest phones.
If you can't find new firmware for your phone, and you feel that your data might be at risk, make sure that you make a backup of the items you'd hate to lose. There are numerous backup apps available on the Play Store that can back up sensitive data like SMSes and settings, along with standard data items like media files.