PSA: Watch what sites you load



  1. Shabbypenguin

    Shabbypenguin Well-Known Member Developer This Topic's Starter

    Joined:
    Mar 28, 2011
    Messages:
    5,385
    Likes Received:
    5,071
    Some of you may have heard the big news, there is a bit of html code that can remotely do a factory reset on your device while browsing around without your consent or way to stop it. the website has to have it setup and it has to be the stock web browser. since this exploit was released into the public it is unknown if any sites may "maliciously" add it in. i can't confirm or deny that this device may be subject to this exploit, but it's for the best that you know anyways.

    the code can be viewed via a frame on a website, so some jerk posting the html code into a comment isn't gunna make the site screw your phone up. so it has to be setup to run the exploit, but since it is only a few lines i'm sure a few sites already have ill intentions. Exploit test should show if you are vulnerable

    so far it seems it's only Samsung devices that are affected but many more could be.

    Update

    Confirmed you guys are exploitable http://i.imgur.com/UFfxj.png

    now this means that on a stock rom dialer codes can be tripped by malicious websites :(


     

  2. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Joined:
    Oct 5, 2011
    Messages:
    5,552
    Likes Received:
    4,380
    PM me the link. I just made a backup :D I'll be a test dummy
     
    cwhatever likes this.
  3. cwhatever

    cwhatever Life Goes On Guide

    Joined:
    Mar 4, 2012
    Messages:
    3,038
    Likes Received:
    842
    Yeah then let us know the results. Thx.
     
  4. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Joined:
    Oct 5, 2011
    Messages:
    5,552
    Likes Received:
    4,380
    It did enter a dialer code, but the code didn't do anything
    (*2767*3855#)

    I tried with stock and half ass rom.

    I guess we're safe
     
    cwhatever likes this.
  5. Shabbypenguin

    Shabbypenguin Well-Known Member Developer This Topic's Starter

    Joined:
    Mar 28, 2011
    Messages:
    5,385
    Likes Received:
    5,071
    ok lord vincent did some testing and here is basically a rundown:

    may not be of any big concern, everyone is ranting about the sgs3 reset code since even the sgs2 has a diff code to reset it it means that the "exploit" may be on many devices but in order to effectively target them you would have to have every dialer code for every phone and i don't see that happening.

    a more likely solution is someone who knows of let's say the prevail, builds a new site that gets a lot of google hits like prevailcyanogenmod9.com or something of the sort and expects prevail owners to pull it up on their device

    if you give me the dialer codes for this device i'll make a page to test, i'm not gunna use the factory reset one i'll use something like debug menu etc

    so while your chances of being hijacked by this are VERY slim. this is all the more reason on why you should be doing regular nandroids and saving to your computer in the event something does happen ;)

    edit: bah that's what i get for typing up a long explanation, LV already replied :p
     
  6. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Joined:
    Oct 5, 2011
    Messages:
    5,552
    Likes Received:
    4,380
    Yea but u explained it much better... :D

    Didn't mean to step on your toes
     
  7. Shabbypenguin

    Shabbypenguin Well-Known Member Developer This Topic's Starter

    Joined:
    Mar 28, 2011
    Messages:
    5,385
    Likes Received:
    5,071
    oh man no toes stepped on, i posted about this in hopes to get awareness like i did with the ZTE backdoor :p

    anyways http://www.shabbypenguin.com/data will load up the exploit targeted towards the prevail it won't wipe ya :p.

    updated op
     
    The~Skater~187 likes this.
  8. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Joined:
    Oct 5, 2011
    Messages:
    5,552
    Likes Received:
    4,380
    I was wrong... The one i was thinking of is ##72786# and it only does some update... Nothing gets deleted

    Edit-and still requires you to enter your msl! That may be what saves us... Most hidden menu functions ask for your msl :) (ps this code is what they gave my sister to fix her phone. It randomly stopped receiving/sending phone calls but 3g still worked... Not sure what it changes, but it restored her ability to use this phone as a phone)
     
  9. Shabbypenguin

    Shabbypenguin Well-Known Member Developer This Topic's Starter

    Joined:
    Mar 28, 2011
    Messages:
    5,385
    Likes Received:
    5,071
    still stands you guys are susceptible to the exploit, as is the admire and ZTE warp so i'm gunna leave this thread here. you guys are lucky enough to have a solid cm rom but i imagine a lot of phones that this attacks won't be as lucky. since cm doesn't let you use dialer codes
     
  10. cwhatever

    cwhatever Life Goes On Guide

    Joined:
    Mar 4, 2012
    Messages:
    3,038
    Likes Received:
    842
    so ct mod doesn't let you use the dialer after 2.4 or something. so that is safe too then?
     
  11. Rarewolf

    Rarewolf Well-Known Member

    Joined:
    Jan 11, 2012
    Messages:
    1,251
    Likes Received:
    152
    What if we get rid of hidden menu?
    I don't really use it. And Idk what i would need it for.
     
  12. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Joined:
    Oct 5, 2011
    Messages:
    5,552
    Likes Received:
    4,380
    That would work, but you should probably try freezing it first
    (i think you need it for system/prl/data profile updates)

    If you don't have titanium backup, you can use 'app quarantine'. It's free on the play store
     
  13. titetanium

    titetanium Well-Known Member

    Joined:
    Aug 27, 2012
    Messages:
    46
    Likes Received:
    15
    Hmm, it shows shrimps jammin' on the jimjam on my laptop but on my phone it shows a page to enter my msl? I used the xscope browser, so the exploit seems to work with that too. Yikes! If I remove the stock browser, it would break several apps that depend on it like geniewidget.apk, voicesearch.apk, plus quicksearchbox.apk & voicedialer.apk (both depend on voicesearch.apk). All of these apps will force close when the browser is removed.
     
  14. Shabbypenguin

    Shabbypenguin Well-Known Member Developer This Topic's Starter

    Joined:
    Mar 28, 2011
    Messages:
    5,385
    Likes Received:
    5,071
    the way i setup the code is it loads two frames one being my homepage at shabbypenguin.com (where the flash animation comes in) and the other frame contains the "exploit"
     
  15. wetbiker7

    wetbiker7 Well-Known Member Contributor

    Joined:
    Jun 27, 2011
    Messages:
    7,475
    Likes Received:
    3,426

    After 2.5;)


    I think that updates the MMS settings. That is code I used to fix my MMS on the Marquee.
     
    cwhatever likes this.
  16. The~Skater~187

    The~Skater~187 Well-Known Member

    Joined:
    Oct 20, 2011
    Messages:
    1,394
    Likes Received:
    460
    Tried this on my marquee running ctmod 3.6.8 using dolphin Browser and it opened my hidden menu. So I'm guessing that the marquee is vulnerable?
     
  17. vce2005

    vce2005 Well-Known Member

    Joined:
    Jun 29, 2012
    Messages:
    961
    Likes Received:
    275
  18. DarkJedi

    DarkJedi Well-Known Member

    Joined:
    Aug 19, 2011
    Messages:
    323
    Likes Received:
    98
    Yup. Us Proclaim users are vulnerable too. I took Shabbypenguin's test page, posted it on my server, and edited the number to a Verizon Wireless hidden menu code. Sure enough, it launched the hidden page.
     
  19. palmtree5

    palmtree5 Sunny Vacation Supporter! Moderator

    Joined:
    May 2, 2012
    Messages:
    4,380
    Likes Received:
    2,860
    USSD Exploit Test This is another test that you could run. Found it on Lifehacker and visited the page on my phone. Shows up with my MEID. CM9
     
  20. Shabbypenguin

    Shabbypenguin Well-Known Member Developer This Topic's Starter

    Joined:
    Mar 28, 2011
    Messages:
    5,385
    Likes Received:
    5,071
    not to alarm anyone, but while a factory reset dialer code is fairly uncommon with devices, and the odds of being targeted for that are slim there is however a fairly universal dialer code.

    **21#phonenumber

    it sets up call forwarding to whatever you use as the phone number. what that means is you can go to a site that has this code setup and it will forward all of your calls automatically without you knowing. worse still imagine if they were all.. "adult" phone numbers. people calling you would be charged 1-5 dollars per call depending on how long they try figuring out wtf is going on and recalling.

    installing a second dialer program and never setting the default will add a layer of security, go to the website and it activates the code and your phone asks which dialer (obviously a warning sign).
     
    wyelkins and Lordvincent 90 like this.
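
An added example, not code from any poster in this thread: a small scanner that flags pages which hand the dialer a code without a tap, as in the two-frame test page and the dialer codes discussed above. It assumes the frame carries a `tel:` URI (the thread does not show the page's HTML); the names `mmi_code`, `TelScanner` and `scan` are hypothetical, and the sample uses `*#06#`, the standard show-IMEI code, as a harmless stand-in.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# (tag, attribute) pairs the browser fetches without any user click.
AUTO_LOAD = {("iframe", "src"), ("frame", "src"), ("embed", "src"), ("object", "data")}
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)

def mmi_code(url):
    """Return the decoded dial string if url is a tel: URI carrying * or #."""
    url = url.strip()
    if not url.lower().startswith("tel:"):
        return None
    dial = unquote(url[4:])  # %2A -> *, %23 -> #
    return dial if ("*" in dial or "#" in dial) else None

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (element, dial string, trigger)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        for name, value in a.items():
            if (tag, name) in AUTO_LOAD:
                self._check(tag, value, "auto-load")
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            if m:
                self._check("meta-refresh", m.group(1), "auto-load")
        if tag == "a":  # a link still needs a tap, so report it separately
            self._check("a", a.get("href", ""), "needs-click")

    def _check(self, where, url, trigger):
        code = mmi_code(url)
        if code:
            self.findings.append((where, code, trigger))

def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: two frames as in the thread's test page, one plain link.
SAMPLE = """<frameset cols="50%,50%">
<frame src="https://example.com/home"><frame src="tel:*%2306%23">
</frameset><a href="tel:+15555550100">Call us</a>
<meta http-equiv="refresh" content="0; url=tel:*%2306%23">"""
```

Ordinary click-to-call links with a plain number are not reported; only dial strings containing `*` or `#` are, and the third field tells you whether the page triggers them on load.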
  21. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Joined:
    Oct 5, 2011
    Messages:
    5,552
    Likes Received:
    4,380
    An excellent point!

    Right that would be funny... Dad calls and it's all 'how's it going big boy? You want to have some fun?'

    That would be PRICELESS (for like 30 seconds)
     
  22. oopsibrokeit

    oopsibrokeit Well-Known Member

    Joined:
    Mar 11, 2012
    Messages:
    70
    Likes Received:
    7
    Ok so i'm a little behind here but I went to two test sites for this and both showed me as open to the exploit so I got telstop from the play store which seems to be a shorter version of shabby's suggested fix
     
  23. wetbiker7

    wetbiker7 Well-Known Member Contributor

    Joined:
    Jun 27, 2011
    Messages:
    7,475
    Likes Received:
    3,426

    Yep, tried it on my Marquee running CTMod. A screen with my MEID popped up. Damn!
     
  24. cwhatever

    cwhatever Life Goes On Guide

    Joined:
    Mar 4, 2012
    Messages:
    3,038
    Likes Received:
    842
    In the lounge someone suggested adding another dialer, I did that and when I run these tests it asks which dialer to use, but doesn't affect me making or receiving calls. Would this be a fix too?
     
  25. wetbiker7

    wetbiker7 Well-Known Member Contributor

    Joined:
    Jun 27, 2011
    Messages:
    7,475
    Likes Received:
    3,426
    Yep, I've already tried that and it works.
     
