USSD Attack on Android phones - a fix

You may have read about the risk of a remote wipe of your precious Samsung Galaxy via a pile of nasty code that makes your phone dial a USSD code that initiates a factory restore (and even SIM suicide).
If not, read this or the Verge - they replicated it on the Samsung Galaxy S3 http://mobile.theverge.com/2012/9/25/3403928/samsung-touchwiz-reset-vulnerability

The proof of concept shows that the restore/wipe, once initiated, cannot be stopped by the owner. Unless you pull the battery, which will most likely have the same result - or worse: brick!

The problem seems to be mainly the TouchWiz dialler. Apparently it allows for USSD codes to run automatically. But there is ample evidence that HTC One devices and other Androids are susceptible, too. In fact, some claim HTC devices are more vulnerable, while certain Samsung firmwares have been patched already (see below).

Now, until there is a proper response from Samsung and consorts, there is a solution: install a 3rd party dialler and make it the default.

Dylan Reeve posted the solution on his blog and provides some evidence to support his approach.
Check it out here



JanSt / MOD  Sep. 25, 2012 at 14:38

UPDATE - Folks on Twitter claim their HTC One X and Desire HD etc are also affected/susceptible....

AND: it seems using non-stock browsers like Chrome, or Opera Mobile etc also serves as a line of defence ;)
However, that doesn't seem to help if your device uses TouchWiz - i.e. Samsung's Galaxy class.

UPDATE 2 1/2:
seems it's patched in some firmwares https://twitter.com/TeamAndIRC/status/250591062480003072

JanSt / MOD  Sep. 25, 2012 at 15:49

https://twitter.com/lennyuk/status/250607002349350912 ==> latest SGS3 firmwares allegedly patched (but not the one used by the Verge and many others - loadsa ordinary folks aren't a*al about fw updates). HTCs actually appear more vulnerable - all the way back to the Hero on 2.1

Pondlife  Sep. 25, 2012 at 16:22

Surprising that it's not been found before now then on HTC, wonder if this has happened before when people have had the problem and it's largely been thought user error.

JanSt / MOD  Sep. 25, 2012 at 19:18

Well, from what I gather, the exploit's only been demo'ed recently. Whether it's been used in the wild? Who knows? So many things can go wrong with smartphones and there are millions of inexperienced users... they may not even have noticed what happened. Also: it's an exploit that, thus far, seems purely malicious - no gain for hackers other than to wipe somebody's phone. Seems like something shady gov agencies might be interested in. Wipe Iranian phones en masse... stuxdroid v1.0

matt101101 / MOD  Sep. 26, 2012 at 01:09

Useful speed dial for drug dealers...

