Ravi Borgaonkar, the researcher who found the issue, said most phones require users to hit the "dial" button before completing the code, but Samsung's unique TouchWiz interface means their devices do not.
This makes Samsung's handsets vulnerable to a string of malicious code that can not only erase a SIM card in its entirety, but can also restore a phone to its factory default settings remotely.
In both instances, the action happens without warning, and will wipe out all pertinent data before a user even knows what has happened.
Samsung not the only maker at risk
Though Borgaonkar has tested this hack out with the Samsung phones, he believes there may be more devices vulnerable to the malware, depending on what version of Android they are operating.
According to Borgaonkar, Android Security was made aware of the flaw in June, and has pushed an update out to all carriers to help prevent the hack from taking hold.
The best way for consumers to stay out of trouble is to make sure the latest updates have been installed, and to avoid suspicious links, apps, or QR codes that could be carrying the infecting code.
TechRadar has reached out to Samsung, and will update this story if and when they return request for comment.
Article continues below