View Single Post
Old 18. Jan 2013, 07:22 AM   #8 (permalink)
Senior Member
Join Date: Aug 2012
Posts: 192

Originally Posted by Anupam View Post
No, it does not.

IO.Hazard first gave the wrong answer, but corrected himself in the post above.

I got the above pop-up message for my phone too, except it was Avast instead of Lookout.

The pop-up message simply shows options to select one, to complete the action with. It's like the "Open with" in Windows, where Windows wants to know which program to open the file with. Same here. So, the pop-up message does not mean that the phone is safe.
I dropped the ball back there and I'm sorry for that.

What I really meant to say to kendall.a was that he had an option to protect his phone against this vulnerability (provided by Lookout). I shouldn't have said "Yes, your phone is protected" because I had no idea about his actual results with the web-based USSD test.

In order to polish this post and avoid further confusion, I've written this tiny guide based on my own experience.

This is how I performed the web-based USSD vulnerability test:
  • 1. I went to the web page mentioned in the first post.
  • 2. When prompted, I ignored the other dialing apps and selected the stock dialer.
After this, two things can happen:
  • a. If you see your stock dialer loaded up but showing nothing (meaning you never saw your phone's IMEI) it means you're safe and your phone is not vulnerable to USSD attacks by default . I know this because that's what happened to me (according to my phone's manufacturer, my phone doesn't have the USSD issue).

  • b. However, if your phone shows its IMEI number right after selecting the stock dialer, it means your phone is vulnerable and you should take immediate action . (Update the OS to the latest version provided by the manufacturer, install a Security Suite with protection against USSD or install some of the anti-USSD tools available in the play store).

If you already have a dialing protection installed (like the ones provided by avast!, Lookout, Trustgo, Sophos and others), setting it as the default app to perform dialing would be a good idea.

I sincerely hope this helps you in a better way than before.
IO.Hazard is offline   Reply With Quote