1. Check out our companion app, Forums for Android! Download from Google Play

Tips Security: The Rise is vulnerable to the USSD remote wipe attack

Discussion in 'Android Devices' started by db2, Jan 2, 2013.

  1. db2

    db2 Well-Known Member
    Thread Starter

    USSD is the name given to those "star codes" that you punch in to your dialer to make the phone do things. There's a bug in dialers prior to 4.1, in which the dialer accepts such codes from a webpage just as though they had been put in manually, meaning it executes the dialer *#whatever# code. This can be used to essentially make your phone do a factory reset without your consent.

    This app will intercept the attempt without interfering with normal phone operations:

    From this XDA post:

    The other thing you can do is install an alternative dialer, retaining the original, so every dial attempt requires interaction. The NoUSSD solution is better because it doesn't get in the way like that.

    Once we get JB, if we ever get JB, this problem won't apply.


    AndyOpie150 likes this.
  2. daffyducknj

    daffyducknj Well-Known Member

    May 24, 2012
    odd jobs atm
    NJ, USA
    Great tip.

    If the avast virus scanner is installed, and have it set up to run in the background, the phone will be protected from this attack.

Share This Page