Australian security experts say that the flaw is a 'wake up call' for mobile users who didn't back up their smartphones, the Sydney Morning Herald reports.
According to the report, manufacturers like Samsung use special USSD codes that end-users can type into the dial pad, which makes it easy for handset makers and telcos to support their customers over the phone.
One such code - *#06# - is used to display a phone's IMEI number on the screen. Another code resets the phone.
According to the paper, Borgaonkar discovered that a person could craft a website with the reset code embedded, in Samsung's case *2767*3855# (do not type this into your phone!), and get the code to run automatically when a user visited it.
A hacker could also exploit an affected phone by getting a user to scan a malicious QR code or by sending them a malicious SMS or NFC transmission, the report said.
Dylan Reeve, who works as a TV editor in New Zealand and has worked in IT in the past, said millions of Samsung devices would be affected by the flaw.
He recommended that users running Android on Samsung devices check whether they were affected by using a test website he has developed.