WASHINGTON — Cellphones using Google’s Android operating system are at risk of being disabled or wiped clean of data, including contacts, music, and photos, because of a security flaw that was discovered several months ago but went unnoticed until now.

Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola, and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post Friday. Another code that can erase a user’s data by performing a factory reset of the device appears to target only the newly released and top selling Galaxy S III and other Samsung phones, he wrote.

Borgaonkar informed Google of the vulnerability in June, he said. A fix was issued quickly, he said, but it wasn’t publicized.

Google declined to comment.