Several Samsung Android devices, including Samsung Galaxy S III,
Galaxy S II, Galaxy Beam, S Advance, and Galaxy Ace were
reported to be vulnerable because they supported the special
factory reset code.
Borgaonkar showed that a device can be forced to automatically
open a link to such a page by touching a NFC-enabled phone to a
rogue NFC tag, by scanning a QR code or by including the link in a
special service message. However, an attacker can also include the
link in a Twitter feed, SMS or an e-mail message and trick the
victim to manually click on it.