Security: The Rise is vulnerable to the USSD remote wipe attack

db2

Android Enthusiast
USSD is the name given to those "star codes" that you punch in to your dialer to make the phone do things. There's a bug in dialers prior to 4.1, in which the dialer accepts such codes from a webpage just as though they had been put in manually, meaning it executes the dialer *#whatever# code. This can be used to essentially make your phone do a factory reset without your consent.

This app will intercept the attempt without interfering with normal phone operations:
https://play.google.com/store/apps/details?id=net.thauvin.erik.android.noussd&hl=en

From this XDA post:
http://forum.xda-developers.com/showthread.php?t=1908482

The other thing you can do is install an alternative dialer, retaining the original, so every dial attempt requires interaction. The NoUSSD solution is better because it doesn't get in the way like that.

Once we get JB, if we ever get JB, this problem won't apply.
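An added example, not part of the original post and not NoUSSD's code: a defender-side check that scans page markup for dialer links carrying a star code instead of a plain phone number. It assumes the codes reach the dialer through `tel:` URIs; the function names and the sample page (which uses the IMEI-display code `*#06#`) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes that can carry a URL the browser may hand to the dialer (assumed set).
URL_ATTRS = {"href", "src", "content", "action", "data"}
# Dial string following a tel: scheme; '%' is allowed so encoded '#' (%23) is kept.
TEL_RE = re.compile(r"tel:([0-9A-Za-z*#%+,.()\-]*)", re.IGNORECASE)

def is_mmi_code(dial_string):
    """True if the dial string is a star code rather than a plain phone number."""
    decoded = unquote(dial_string)  # '#' and '*' may arrive percent-encoded
    return "*" in decoded or "#" in decoded

class TelFinder(HTMLParser):
    """Collects (tag, attribute, decoded dial string) for every star-code tel: URI."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            for match in TEL_RE.finditer(value):
                if is_mmi_code(match.group(1)):
                    self.findings.append((tag, name, unquote(match.group(1))))

def scan_html(html):
    """Return every star-code tel: reference found in the markup."""
    finder = TelFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: one ordinary phone link, one frame that dials a star code.
SAMPLE_PAGE = """
<a href="tel:+15555550100">Call us</a>
<iframe src="tel:*%2306%23"></iframe>
"""

if __name__ == "__main__":
    for tag, attr, code in scan_html(SAMPLE_PAGE):
        print(f"star code {code!r} in <{tag} {attr}=...>")
```
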
 

daffyducknj

Android Enthusiast
Great tip.

If the Avast virus scanner is installed, and you have it set up to run in the background, the phone will be protected from this attack.
 