PSA: Watch what sites you loadSupport

Last Updated:

  1. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    Some of you may have heard the big news, there is a bit of html code that can remotely do a factory reset on your device while browsing around without your consent or way to stop it. the website has to have it setup and has to the stock web browser. since this exploit was released into the public it is unknown on if any sites may "maliciously" add it in. i cant confirm or deny that this device may be subject to this exploit, but its for teh best that you know anyways.

    the code can be viewed via a frame on a website, so some jerk posting the html code into a comment isnt gunna make the site screw your phone up. so it has to be setup to run the exploit, but since it is only a few lines im sure a few sites already have ill intentions. Exploit test should show if you are vulnerable

    so far it seems its only samsung devices that are affected but many more could be.


    Confirmed you guys are exploitable

    now this means that on a stock rom dialer codes can be tripped by malicious websites :(


  2. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Pm me the link. I just made a backup :D I'll be A test dummy
    cwhatever likes this.
  3. cwhatever

    cwhatever Life Goes On Guide

    Yeah then let us know the results. Thx.
  4. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    It did enter a dialer code, but the code didn't do anything
    ( *2767*3855#)

    I tried with stock and half ass rom.

    I guess we're safe
    cwhatever likes this.
  5. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    ok lord vincent did some testing and here is basically a rundown:

    may not be of any big concern, everyone is ranting about the sgs3 reset code since even the sgs2 has a diff code to reset it it means that the "exploit" may be on many devices but in order to effectively target them you would have to have every dialer code for every phone and i dont see that happening.

    a more likley solution is someone who knows of lets say the prevail, builds a new site that gets a lot of google hits like or something of teh sort and expects prevail owners to pull it up on their device

    if you give me the dialer codes for this device ill make a page to test, im not gunna use teh factory reset one ill use something like debug menu etc

    so while your chances of being hijacked by this are VERY slim. this is all the more reason on why you should be doing regular nandroids and saving to your computer in the event something does happen ;)

    edit: bah thats what i get for typing up a long explanation, LV already replied :p
  6. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    Yea but u explained it much better... :D

    Didn't mean to step on your toes
  7. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    oh man no toes stepped on, i posted about this in hopes to get awareness like i did with the ZTE backdoor :p

    anyways will load up the exploit targeted towards the prevail it wont wipe ya :p.

    updated op
    The~Skater~187 likes this.
  8. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    I was wrong... The one i was thinking of us ##72786# and it only does some update... Nothing gets deleted

    Edit-and still requires you to enter your msl! That may be what saves us... Most hidden menu functions ask for your msl :) (ps this code is what they gave my sister to fix her phone. It randomly stopped receiving/sending phone calls bit 3g still worked... Not sure what it changes, but it restored her ability to use this phone as a phone)
  9. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    still stands you guys are suseptible to teh exploit, as is teh admire and ZTE warp so im gunna leave this thread here. you guys are lucky enough to have a solid cm rom but i imagine a lot of phones that this attacks wont be as lucky. since cm doenst let you use dialer codes
  10. cwhatever

    cwhatever Life Goes On Guide

    so ct mod doesn't let you use the dialer after 2.4 or something. so that is safe too then?
  11. Rarewolf

    Rarewolf Well-Known Member

    What if we get rid of hidden menu?
    I don't really use it. And Idk what i would need it for.
  12. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    That would work, but you should probably try freezing it first
    (i think you need it for system/prl/data profile updates)

    If you don't have titanium backup, you can use 'app quarantine'. It's free on the play store
  13. titetanium

    titetanium Well-Known Member

    Hmm, it shows shrimps jammin' on the jimjam on my laptop but on my phone it shows a page to enter my msl? I used the xscope browser, so the exploit seems to work with that too. Yikes! If I remove the stock browser, it would break several apps that depend on it like geniewidget.apk, voicesearch.apk, plus quicksearchbox.apk & voicedialer.apk (both depends on voicesearch.apk). All of these apps will force close when the browser is removed.
  14. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    the way i setup the code is it loads two frames one being my homepage at (where the flash animation comes in) and the other frame contains the "exploit"
  15. wetbiker7

    wetbiker7 Well-Known Member Contributor

    After 2.5;)

    I think that updates the MMS settings. That is code I used to fix my MMS on the Marquee.
    cwhatever likes this.
  16. The~Skater~187

    The~Skater~187 Well-Known Member

    Tried this on my marquee runnung ctmod 3.6.8 using dolphin Browser and it opened my hidden menu. So I'm guessing that the marquee is vulnerable?
  17. vce2005

    vce2005 Well-Known Member

  18. DarkJedi

    DarkJedi Well-Known Member

    Yup. Us Proclaim users are vulnerable too. I took Shabbypenguin's test page, posted it on my server, and edited the number to a Verizon Wireless hidden menu code. Sure enough, it launched the hidden page.
  19. palmtree5

    palmtree5 Sunny Vacation Supporter! Moderator

    USSD Exploit Test This is another test that you could run. Found it on Lifehacker and visited the page on my phone. Shows up with my MEID. CM9
  20. Shabbypenguin

    Shabbypenguin Well-Known Member Developer

    not to alarm anyone, but while a factory reset dialer code is fairly uncommon with devices, and teh odds of being targetted for that are slim there is however a fairly universal dialer code.


    it sets up call forwarding to whatever you use as the phone number. what that means is ytou can go to a site that has this code setup and it will forward all of your calls automatically without you knowing. worse still imagine if they were all.. "adult" phone numbers. people calling you would be charged 1-5 dollars per call depending on how long they try figuring out wtf is going on and recalling.

    installing a second dialer program and never setting teh default will add a layer of security, go to teh website and it activates the code and your phone asks which dialer (obviously a warning sign).
    wyelkins and Lordvincent 90 like this.
  21. Lordvincent 90

    Lordvincent 90 ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ Guide

    An excellent point!

    Right that wiuld be funny... Dad calls and it's all 'how's it going big boy? You want to have some fun?'

    That would be PRICELESS (for like 30 seconds)
  22. oopsibrokeit

    oopsibrokeit Well-Known Member

    Ok so im a little behind here but I went to two test sites for this and both showed me as open to the exploit so I got telstop from the play store which seems to a shorter version of shabbys suggested fix
  23. wetbiker7

    wetbiker7 Well-Known Member Contributor

    Yep, tried it on my Marquee running CTMod. A screen with my MEID popped up. Damn!
  24. cwhatever

    cwhatever Life Goes On Guide

    In the lounge someone suggested adding another dialer, I did that and when I run these tests it asks which dialer to use, but doesn't affect me making or recieving calls. Would this be a fix too?
  25. wetbiker7

    wetbiker7 Well-Known Member Contributor

    Yep, I've already tried that and it works.

Share This Page