The vulnerability was disclosed last week
The security hole, already patched by Samsung , could be exploited via WAP configuration messages, pushed to targeted devices with minimum user interaction:
…usually such malicious messages are blindly accepted without proper checking regarding their origin or content…
What is WAP Push?
The Wireless Application Protocol (WAP) suite has been in public operation since 1999.
The Wireless Datagram Protocol (WDP) which forms part of the WAP suite provides a UDP-like layer to transport data between two endpoints on specific ports.
WDP itself can be transported over many protocols, including SMS
WAP Push is transported on WDP and allows content to be pushed to the device with minimal (or no) user intervention. The data is encoded using WAP Binary XML (WBXML).
In this video, Context’s researchers showed how an Android phone could be attacked:
So, check your your smartphone updates ASAP!