Old September 26th, 2012, 04:14 AM   #1 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Feb 2011
Posts: 99
 
Device(s): HTC EVO 4G LTE, HTC EVO 4G
Carrier: Not Provided

Thanks: 82
Thanked 71 Times in 37 Posts
Default Malicious USSD code

I don't know where else to put this, but I thought it would be interesting enough for all Android users to be cautious with their phones. I don't think a majority of users will have a problem with this hack.

Click on the video in the article (from phandroid) linked below which basically shows how a "hack" can be applied.

New malicious hack would allow a website to wipe certain Galaxy S devices clean with irreversible effects [VIDEO]

strider70 is offline  
Last edited by strider70; September 26th, 2012 at 04:15 AM. Reason: update
Old September 26th, 2012, 05:19 AM   #2 (permalink)
Disabled
 
Join Date: Jul 2012
Posts: 2,033
 
Device(s):
Carrier: Sprint

Thanks: 541
Thanked 556 Times in 440 Posts
Default

Look on the bright side, this is ideal for spies and other people who need to brick their phones when the goons are knocking down their door.
Speed Daemon is offline  
Old September 26th, 2012, 10:08 AM   #3 (permalink)
Leeeroy Jennnkinnns!
 
novox77's Avatar
 
Join Date: Jul 2010
Posts: 3,968
 
Device(s): Evo 4G, 3D, LTE
Carrier: Not Provided

Thanks: 1,190
Thanked 3,270 Times in 1,410 Posts
Default

Not sure how well known it is at this point, but this hack affects more than just Sammy phones. Moto on Verizon is vulnerable, as is HTC on AT&T.

At issue here is if the phone AND carrier support a special code that is input by the Dialer app.

For example, on most (if not all) phones, you can enter ##3282# into the dialer, and it will take you to the phone's EPST menu. Some codes are standard; others are specific to the phone and/or carrier. In this case, the code to wipe your phone is launched from a browser with code like this:

<frameset><frame src="tel:[wipecode]" /></frameset>

This works a lot like mailto:"myusername@email.com". When a device sees mailto: it will open the default email client. When a phone sees "tel:" it will launch the default dialer. And if your phone/carrier supports this code, it will start the data wipe.

tel:[wipecode] can be placed into a QR code as a URL data type. Depending on the QR scanning software you use, it may or may not immediately process the URL. A security-aware QR code scanner should first show you the result of the scan, and then allow you to proceed via a user-interaction.

It would also appear that browser choice makes a difference here. Opera does not support launching the dialer when it sees a tel: so even if the phone/carrier combo is vulnerable, you won't be damaged if you use Opera.

But the real solution is to patch the phone's radio firmware so that the wipe code is disabled. Either that or have the firmware prompt for the phone's MSL number before wiping.
__________________

The good thing about science is that it's true whether or not you believe in it. -Neil deGrasse Tyson

novox77 is offline  
Last edited by novox77; September 26th, 2012 at 10:13 AM.
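The tel: handling described in post #3, written as a check that a page scanner or QR reader could run before anything reaches the dialer. This is an added example, not code from the thread or from any tool named in it; the function names, the auto-load element list and the rule that any `*` or `#` in the number marks a dialer code are assumptions, and the sample markup is constructed around the harmless *#06# test code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed list of elements whose URL attribute is loaded without a tap.
AUTOLOAD = {("frame", "src"), ("iframe", "src"), ("img", "src"),
            ("embed", "src"), ("object", "data")}

# Constructed sample page: one auto-loading frame, one ordinary link, one refresh.
SAMPLE = '''<html><frameset><frame src="tel:*%2306%23" /></frameset>
<a href="tel:+15550100">Call us</a>
<meta http-equiv="refresh" content="0;url=tel:*#06#"></html>'''

def classify_tel(uri):
    """Return 'ussd', 'plain', or None when the string is not a tel: URI."""
    m = re.match(r"\s*tel:(.*)", uri, re.I | re.S)
    if not m:
        return None
    number = unquote(m.group(1))      # %23 -> '#', %2A -> '*'
    return "ussd" if re.search(r"[*#]", number) else "plain"

class TelFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []            # (tag, attr, uri, kind, loads_without_tap)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            uri = value
            if tag == "meta" and name == "content":   # refresh: "0;url=..."
                parts = re.split(r"url\s*=", value, maxsplit=1, flags=re.I)
                uri = parts[1].strip(" '\"") if len(parts) == 2 else ""
            kind = classify_tel(uri)
            if kind:
                auto = (tag, name) in AUTOLOAD or tag == "meta"
                self.findings.append((tag, name, uri.strip(), kind, auto))

def scan_html(html):
    finder = TelFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def high_risk(html):
    """tel: URIs carrying '*' or '#' that load with no user interaction."""
    return [f for f in scan_html(html) if f[3] == "ussd" and f[4]]
```

A QR reader can call `classify_tel` on the decoded payload and require a confirmation tap for anything that comes back as `ussd`.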
Old September 26th, 2012, 10:11 AM   #4 (permalink)
Leeeroy Jennnkinnns!
 
novox77's Avatar
 
Join Date: Jul 2010
Posts: 3,968
 
Device(s): Evo 4G, 3D, LTE
Carrier: Not Provided

Thanks: 1,190
Thanked 3,270 Times in 1,410 Posts
Default

Here's a test to see if your phone is vulnerable:
Andriod TEL URL Handling exploit demo by Ravishankar Borgaonkar

This link is SAFE to click. It will NOT wipe your phone. But if the result of your clicking this link is that your phone shows you your MEID number, then your phone would be vulnerable to the REAL hack.

If all you see is *#06# in your dialer, then you are safe. If you were to press CALL from there, you should get your carrier message saying the number you dialed is invalid.
novox77 is offline  
Old September 26th, 2012, 10:35 AM   #5 (permalink)
Life Goes On
 
cwhatever's Avatar
 
Join Date: Mar 2012
Location: south central fla
Gender: Male
Posts: 2,896
 
Device(s): galaxy s3 rooted on wicked or carbon, galaxy prevail ctmod 3.8 ssm(mp3 player)
Carrier: Boost Mobile

Thanks: 532
Thanked 745 Times in 553 Posts
Default

It's through the hidden menu, that is how it's done. If you do the test above and you are vulnerable, freeze the hidden menu with something like titanium or another app; you cannot be hacked then. If you need to use it then you can unfreeze it, do what you gotta do, then refreeze it.
I got this through the people in our device.
__________________
EVERYTHING HAPPENS FOR A REASON/TODAY IS THE LAST DAY BEFORE TOMORROW SO USE IT WISELY !!!!!!!!! Thanks Button Is The Right Thing To Do!!
The One Who Dies With The Most Toys WINS
At First If You Don't Succeed Try Try Again & Ask"S
http://androidforums.com/Site-Rules/Guidelines
cwhatever is offline  
Last edited by cwhatever; September 26th, 2012 at 10:42 AM.
Old September 26th, 2012, 12:40 PM   #6 (permalink)
Senior Member
 
9to5cynic's Avatar
 
Join Date: Feb 2011
Location: /home/
Posts: 4,858
 
Device(s): Galaxy S3 (Verizon) Evo 4G - retired/rooted
Carrier: Verizon

Thanks: 3,066
Thanked 1,763 Times in 1,189 Posts
Send a message via AIM to 9to5cynic
Default

Quote:
Originally Posted by novox77 View Post
Here's a test to see if your phone is vulnerable:
Andriod TEL URL Handling exploit demo by Ravishankar Borgaonkar

This link is SAFE to click. It will NOT wipe your phone. But if the result of your clicking this link is that your phone shows you your MEID number, then your phone would be vulnerable to the REAL hack.

If all you see is *#06# in your dialer, then you are safe. If you were to press CALL from there, you should get your carrier message saying the number you dialed is invalid.
Mine flashes that code real quick and then shows nothing. I'm thinking I'm in the clear. And I must say these mobile hacks are always some of the most interesting. ;-)
9to5cynic is offline  
Old September 26th, 2012, 01:34 PM   #7 (permalink)
♡ Spidey Sense !! ♡ ™
 
DonB's Avatar
 
Join Date: Nov 2009
Location: 18th Hole Of the Golf Course
Gender: Male
Posts: 18,580
 
Device(s): Moto X 16 GB Cricket Wireless®/ Stock Galaxy Note 10.1 ®
Carrier: Crickets Wireless ®

Thanks: 6,602
Thanked 7,048 Times in 4,159 Posts
Default

I saw Go To Hell on my phone when I clicked on the link, what is that all about, LOL


Quote:
Originally Posted by novox77 View Post
Here's a test to see if your phone is vulnerable:
Andriod TEL URL Handling exploit demo by Ravishankar Borgaonkar

This link is SAFE to click. It will NOT wipe your phone. But if the result of your clicking this link is that your phone shows you your MEID number, then your phone would be vulnerable to the REAL hack.

If all you see is *#06# in your dialer, then you are safe. If you were to press CALL from there, you should get your carrier message saying the number you dialed is invalid.
DonB is online now  
Old September 27th, 2012, 08:25 AM   #8 (permalink)
Senior Member
 
zuben el genub's Avatar
 
Join Date: Jan 2011
Posts: 5,087
 
Device(s): Oppo Find 7 Nexus 4, Nexus S
Carrier: Not Provided

Thanks: 62
Thanked 957 Times in 763 Posts
Default

Saw this elsewhere. The post said that even CyanogenMod was affected. The post suggested changing dialers or installing another dialer so you got asked which service.

I have Viber, and every time I try to call out, it asks which service.

Article also mentioned something about NFC. They didn't mention Q codes. I have that disabled.

Was the post right? Is this enough to avoid?

Are real websites being hacked to use this or are the websites just set up to snag people like the ones that click on "free" anything?
__________________
Sent by UFO
zuben el genub is offline  
Old September 27th, 2012, 04:23 PM   #9 (permalink)
AF Contributor
 
Hadron's Avatar
 
Join Date: Aug 2010
Location: Dimension Jumping
Posts: 12,182
 
Device(s): HTC One (S-Off), HTC Desire (retired)
Carrier: Orange UK

Thanks: 2,260
Thanked 5,116 Times in 3,693 Posts
Default

I can confirm that the test URL above works on an HTC Desire with a bare-bones AOSP ROM and using Boat browser.

One chap suggested installing an alternative dialer. You don't have to use it at all, but if you hit a malicious link it will pop up a box asking you which dialer you want to open the link with rather than entering the code. I can confirm that this workaround works to block the test site.

Edit: just spotted that Zuben has already posted this workaround!
Hadron is offline  
Old September 27th, 2012, 06:28 PM   #10 (permalink)
Senior Member
 
zuben el genub's Avatar
 
Join Date: Jan 2011
Posts: 5,087
 
Device(s): Oppo Find 7 Nexus 4, Nexus S
Carrier: Not Provided

Thanks: 62
Thanked 957 Times in 763 Posts
Default

You can just enable internet calling even if you don't have a SIP account.
zuben el genub is offline  
Old January 6th, 2013, 07:42 PM   #11 (permalink)
New Member
 
Join Date: Jan 2013
Posts: 4
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Here is a test page from ESET:
Antivirus Software and Internet Security Solutions :: ESET

Another test page:
http://hugelaser.com/ac/ussd-test.php

These are to verify if your phone is vulnerable to USSD code attacks triggered by SMS, QR code or malicious web link.
I own a Samsung Galaxy SII or S2 and used those links, and they are not malicious. I found my phone was vulnerable and proceeded to install a free tool from ESET (I found this info in a magazine).

If you are affected, try this ESET free tool:
ESET Latinoamérica – Laboratory » Blog Archive » Free ESET tool against the USSD vulnerability on Android

Or in the Android Market:
https://play.google.com/store/apps/details?id=com.eset.securedialer

What this ESET tool does is what Hadron said: it installs as an alternative dialer so the phone asks you which dialer you want to use before executing a USSD code (when triggered by SMS, QR code or web link, not when you type the USSD code directly in your phone dialer), and you can configure the tool to be your default dialer when this happens; then the tool asks you if you want to execute the USSD code, and you will probably want to select "no".
davagui2828 is offline  
Last edited by davagui2828; January 6th, 2013 at 07:49 PM. Reason: To add more info I forgot to type