Most Samsung Galaxy devices have secret USSD codes that allows users to trigger some action. One of the harmless code when dialed into the dialer of the phone such as *#1234# reads the firmware version of the phone. However, there are other codes as well that can do irreversible damage if the consequences are not known. One of such codes is for the factory reset (you can Google it) that completely wipes off the phone, including USB storage. Now as shown by Ravi Borgaonkar at the Ekoparty security the same code can be wrapped in an HTML code and when opened in the browser on the Galaxy device, it can trigger the USSD code, thus resetting the whole device.
This happens because if the device detects it as a legit code, it will initiate without letting the user know of the final result.
Some of the phones that seem to be affected are Galaxy S II, Galaxy Beam, S Advance, Galaxy Ace. The code apparently doesn’t seem to work on Galaxy S III, Galaxy Note or the Galaxy Nexus.