The hack was demonstrated at the Ekoparty security conference recently and can be triggered using a USSD code sent via NFC, QR code, a website.
At this point, the hack was found working on Samsung Galaxy S III, Galaxy Beam, Galaxy S Advance, Galaxy Ace and Galaxy S II, all popular Samsung smartphones.
(Update: Samsung has released a patch for Galaxy S III, though fate of other phones remains unclear)
As the malicious code does not work on Galaxy Nexus, which runs on stock Android, the Touchwiz running devices seems to be affected. Stock Android shows the code in the dialler but does not run it automatically, while the USSD code executes automatically on Touchwiz featuring devices.
Another concern surrounding the hack is another piece of code which allows disabling the SIM card currently in the phone. This way, with a single attack, the entire Samsung phone can be wiped and the SIM card killed.
The phone users do see the process happening in front of them, but pressing back or any other key has no impact on the process. Removing the battery during the processor is also likely to cripple the phone.
Samsung is yet to issue a statement on the matter.