As always, you need to be aware of what you’re clicking on and what you’re viewing, so be careful checking emails on your phone from people you don’t know, and make sure not to fall for any advertisements that entice you with ways of making your phone better, more powerful, or unlocking its potential, so to speak.
How you fix it
If Samsung and any other affected manufacturers aren’t releasing patches quick enough for your device – as could definitely happen with legacy devices – then it might be time to install a program called TelStop, which can be found for free on Google’s Play Store.
This acts as a sort of link checker for these exploits. If you accidentally visit one of the links, your phone will prompt you where you want to run that link: your phone or TelStop. If you select TelStop, this will tell you that the link is “likely malicious.”
To test this in action, install the app and head to this page on your phone, a little site run by New Zealand’s Dylan Reeves (who actually details the exploit further) that tells you if you’re likely to have problems.
If the exploit works, your phone will tell you its IMEI code. If not, nothing will happen and you’ll probably just be directed to the dial screen of your phone: phew, you’re mostly safe. Web browsers on computers will ask you how you should run this, and you can just click cancel, as it’s not for you.
This page isn’t dangerous, mind you, because even if it runs without TelStop on your device, all it will do is tell you your phone’s International Mobile Equipment Identity, or IMEI, what is essentially a long serial number specific to your device.
If TelStop is installed, however, you can select it when this code runs and see if the link is dangerous.
It’s probably worth noting that now the exploit is out there, it’s not going to disappear, and this form of security problem will only multiply, so please, be cautious when clicking on links and scanning QR codes.