A significant weakness in Android has been discovered.
In a blog post, Ravi Borgaonkar of the Berlin Institute of Technology says that websites can trick users into triggering malicious code by selecting on-screen phone numbers.
He also claims that no Android is able to differentiate between genuine phone numbers and Unstructured Supplementary Service Data codes recognised by handsets as instructions to destroy, wipe or reset its memory card. Once wiped, restoring the data is impossible.
Google, Android's creator, has since issued a fix.
McAfee security expert Jimmy Shah offered reassurances that the flaw was not of much use to cyber criminals: "There's no benefit to the attacker if they can't make money off it or they can't steal your data. It's really not that useful."
Borgaonkar also found that some of the malware only attacked Samsung handsets. He encourages Android users to ensure their phones are fully updated.