Gizmos Freeware Reviews  

Old 16. Jan 2013, 07:58 PM   #1 (permalink)
Senior Member
 
Join Date: Aug 2012
Posts: 192
Question Is your Android phone prone to USSD attacks?

As you may have read, last year Samsung reported a vulnerability in some of its Galaxy phones (including the Galaxy SIII) which could allow a malicious website to wipe (yes, WIPE) your device without any confirmation from you by dialing specific web-based USSD codes without the user knowing about it. Not too late, the Korean company published a patch to fix it, but new details around the web indicate that the problem goes beyond the Samsung product line and may affect models from other companies.

Want to check if your phone is protected? You can do it thanks to Dylan Reeve and a special page he prepared. Using your phone's browser, go to this site:

http://dylanreeve.com/phone.php

The site will launch a web-based (though inoffensive) USSD code [*#06#]. If your phone shows your IMEI number automatically, it means it's not protected against USSD attacks. However, if you see a system prompt asking for your confirmation before executing the USSD code, you're in luck and your phone is protected.

If you have Avast! or Sophos Mobile Security installed on your phone, chances are you are protected against USSD attacks, since Avast! includes a "Number Validator" and Sophos uses a "Check before Dialing" that will ask for your confirmation before dialing USSD codes executed through the web.

If you have another Security Suite installed on your phone, you can still protect it against web-based USSD attacks without switching to Avast! or Sophos. Just install the NoUSSD app from the Play Store:

https://play.google.com/store/apps/d...android.noussd

It is a small app (27k), requires no special permissions and it is, of course, completely free.
IO.Hazard is offline   Reply With Quote
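
Added example, not part of the original post and not code from Avast, Sophos or NoUSSD: a sketch of the check a dialer guard of the kind described above can apply before a dial request reaches the stock dialer, assuming the request arrives as a `tel:` URI. The function name `classify_dial_request` and the verdicts `allow`, `confirm` and `block` are hypothetical.

```python
from urllib.parse import unquote

DIGITS = set("0123456789")
MMI_CHARS = set("*#")             # what distinguishes a USSD/MMI code such as *#06#
VISUAL_SEPARATORS = set("-.() ")  # punctuation allowed inside ordinary numbers


def classify_dial_request(uri: str) -> str:
    """Return 'allow', 'confirm' or 'block' (hypothetical verdict names)."""
    # Work on the raw string: a generic URL parser would treat a literal "#"
    # as the start of a fragment and hide part of the code from the check.
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "block"

    number = rest.split(";", 1)[0]   # drop parameters such as ";ext=12"
    number = unquote(number)         # "#" usually arrives encoded as %23
    compact = "".join(ch for ch in number if ch not in VISUAL_SEPARATORS)
    if not compact:
        return "block"

    if MMI_CHARS & set(compact):
        # A code may contain only digits, "*" and "#". Anything else, such as
        # a "%" left over from double encoding, is refused outright.
        if set(compact) <= DIGITS | MMI_CHARS:
            return "confirm"         # show the decoded code and ask the user
        return "block"

    body = compact[1:] if compact.startswith("+") else compact
    return "allow" if body and set(body) <= DIGITS else "block"


# Constructed sample requests; *#06# is the harmless IMEI code named in the post.
SAMPLES = [
    "tel:*%2306%23",        # percent-encoded *#06#
    "TEL:*#06#",            # same code, literal "#", upper-case scheme
    "tel:+1-555-0100",      # ordinary number with separators
    "tel:5550100;ext=12",   # ordinary number with a parameter
    "tel:*%252306%2523",    # double-encoded, "%" survives decoding
    "http://example.com/",  # not a dial request at all
]


def run_samples() -> dict:
    return {uri: classify_dial_request(uri) for uri in SAMPLES}


if __name__ == "__main__":
    for uri, verdict in run_samples().items():
        print(f"{verdict:8} {uri}")
```
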
Old 16. Jan 2013, 08:41 PM   #2 (permalink)
Super Moderator
 
Join Date: Jul 2008
Location: India
Posts: 15,277

Thanks for this information. My phone is susceptible to this attack. It's good that I have Avast installed, which blocked the attempt.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 16. Jan 2013, 10:49 PM   #3 (permalink)
Been Here Since the Begin
 
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325

My Droid X2 Global popped up with a message when I went to the page. It asked me if I wanted to "complete action using": Dialer, or "Scan with Lookout before dialing".

I assume that means that I am protected?
__________________
<-------Just jammin to some music....
kendall.a is offline   Reply With Quote
Old 17. Jan 2013, 12:56 AM   #4 (permalink)
Senior Member
 
Join Date: Aug 2012
Posts: 192

@Anupam:
You are welcome!

Quote:
Originally Posted by kendall.a
My Droid X2 Global popped up with a message when I went to the page. It asked me if I wanted to "complete action using": Dialer, or "Scan with Lookout before dialing".

I assume that means that I am protected?

Yes. If your phone showed you a prompt before executing the USSD code it means your phone is protected. It's good to know that Lookout has included that protection too.

Whichever the case, if you are offered to "scan the number" (or any given name your security app assigns to that action) just do so and set it as the default action. That should keep you protected at all times.
IO.Hazard is offline   Reply With Quote
Old 17. Jan 2013, 02:42 AM   #5 (permalink)
J_L
Co-Author, Best Free Security List
 
Join Date: Dec 2008
Posts: 2,003

Thanks for sharing this, I got "Complete action using":
Fongo
Phone
Scan before dialing
TrustGo Dialer Protection
J_L is offline   Reply With Quote
Old 17. Jan 2013, 06:53 AM   #6 (permalink)
Senior Member
 
Join Date: Aug 2012
Posts: 192

Quote:
Originally Posted by J_L
Thanks for sharing this, I got "Complete action using":
Fongo
Phone
Scan before dialing
TrustGo Dialer Protection

Well, I have to make some things clear:

As you may already know, Android will ask about the app you want to use whenever you have two or more apps installed that can do the same thing (dialing apps, video players, music players, etc.). If you have more than one app for calling, Android will show the "Complete action using..." as you say, but it doesn't mean that you have USSD protection. (The funny thing is that having a second calling app has the "collateral" benefit of preventing automatic USSD dialing.)

In your particular case, you do have protection against web-based USSD dialing which is provided by "TrustGo Dialer Protection". So, the next time you do the test just select that option and check the "Set as default" option.
IO.Hazard is offline   Reply With Quote
Old 17. Jan 2013, 07:22 PM   #7 (permalink)
Super Moderator
 
Join Date: Jul 2008
Location: India
Posts: 15,277

Quote:
Originally Posted by kendall.a
My Droid X2 Global popped up with a message when I went to the page. It asked me if I wanted to "complete action using": Dialer, or "Scan with Lookout before dialing".

I assume that means that I am protected?

No, it does not.

IO.Hazard first gave the wrong answer, but corrected himself in the post above.

I got the above pop-up message for my phone too, except it was Avast instead of Lookout.

The pop-up message simply shows options to select one, to complete the action with. It's like the "Open with" in Windows, where Windows wants to know which program to open the file with. Same here. So, the pop-up message does not mean that the phone is safe.

To test, I chose the option of dialer, on which the IMEI number was shown. So, I think my phone was susceptible. My thinking is that if on selecting the dialer, another pop-up message for confirmation is shown, then the phone is safe, otherwise not. So, based on that, I said my phone is susceptible. When I chose Avast as the option, then it stopped the execution of the code.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 18. Jan 2013, 07:22 AM   #8 (permalink)
Senior Member
 
Join Date: Aug 2012
Posts: 192

Quote:
Originally Posted by Anupam
No, it does not.

IO.Hazard first gave the wrong answer, but corrected himself in the post above.

I got the above pop-up message for my phone too, except it was Avast instead of Lookout.

The pop-up message simply shows options to select one, to complete the action with. It's like the "Open with" in Windows, where Windows wants to know which program to open the file with. Same here. So, the pop-up message does not mean that the phone is safe.

I dropped the ball back there and I'm sorry for that.

What I really meant to say to kendall.a was that he had an option to protect his phone against this vulnerability (provided by Lookout). I shouldn't have said "Yes, your phone is protected" because I had no idea about his actual results with the web-based USSD test.

In order to polish this post and avoid further confusion, I've written this tiny guide based on my own experience.

This is how I performed the web-based USSD vulnerability test:
  1. I went to the web page mentioned in the first post.
  2. When prompted, I ignored the other dialing apps and selected the stock dialer.
After this, two things can happen:
  a. If you see your stock dialer loaded up but showing nothing (meaning you never saw your phone's IMEI), it means you're safe and your phone is not vulnerable to USSD attacks by default. I know this because that's what happened to me (according to my phone's manufacturer, my phone doesn't have the USSD issue).

  b. However, if your phone shows its IMEI number right after selecting the stock dialer, it means your phone is vulnerable and you should take immediate action. (Update the OS to the latest version provided by the manufacturer, install a Security Suite with protection against USSD or install some of the anti-USSD tools available in the Play Store.)

If you already have a dialing protection installed (like the ones provided by avast!, Lookout, Trustgo, Sophos and others), setting it as the default app to perform dialing would be a good idea.

I sincerely hope this helps you in a better way than before.
IO.Hazard is offline   Reply With Quote
Old 18. Jan 2013, 08:55 AM   #9 (permalink)
Super Moderator
 
Join Date: Jul 2008
Location: India
Posts: 15,277

No need to say sorry IO.Hazard. As I said before, you had already corrected yourself in the second post. But, you explained things even better this time.

And the "b" scenario happened with me, that's why, I said my phone is susceptible. Unfortunately, my phone won't be having any further OS updates. Anyways, I have Avast for protection.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 24. Mar 2013, 12:20 AM   #10 (permalink)
Senior Member
 
Join Date: Jul 2012
Location: Merry Old England
Posts: 220

Cheers for the advice, I checked and I'm good.
__________________
I love Gizmos, it is my bible
Juxxize is offline   Reply With Quote