ChiefsPlanet - Electronics Android security flaw

ChiefsPlanet (https://www.chiefsplanet.com/BB/index.php)

- Nzoner's Game Room (https://www.chiefsplanet.com/BB/forumdisplay.php?f=1)

- -

Android security flaw (https://www.chiefsplanet.com/BB/showthread.php?t=264305)

Android security flaw

Figure there are Android phone users out there that don't visit the Media Center that might be affected by this which is why this is in the Lounge. I have added the QR code below that will link you directly to the test site (in case you aren't reading from your mobile).

SCAN:
http://qr.kaywa.com/?s=8&d=http%3A%2...Ftestussd.html

OR CLICK:
http://www.isk.kth.se/~rbbo/testussd.html

http://www.pcworld.idg.com.au/articl...security_flaw/

Quote:

A security flaw has been discovered on various Android smartphones that allows a USSD code to perform a factory reset without any confirmation prompt. Is your Android phone at risk? Here's how to find out.

The USSD flaw was highlighted overnight at a Security Conference in Buenos Aires, Argentina by Ravi Borganokar, a researcher in the telecommunications department at the Technical University of Berlin. It was first said to occur only on various Samsung smartphones running the TouchWIZ UI overlay, but it has since been discovered that the problem can affect various other Android phones, too.

The USSD codes themselves aren't a problem, but on some Android phones these can be executed without a confirmation prompt. Some of these codes, typed into the phones keypad, are harmless (such as the one used to display a phone's IMEI number) but other codes can factory reset the phone. USSD codes typically start with an asterisk (*) followed by numbers and almost always end with a hash (#).

On Android phones that don't require a confirmation prompt, a factory reset USSD code can be dialled automatically by the phone. While it's almost impossible to dial the code into the dialler accidentally, this code could be embedded into a URL link, a QR code, or an SMS by a hacker. This would mean you phone would be factory reset as soon as you opened the malicious link.

To check if your Android phone is vulnerable, follow these steps:

1. Visit this link through your phone's Web browser. Don't worry, it's a test page so it's not going to reset your phone!

2. If your phone's dialler pops up and shows a number, your phone isn't affected and there's no need to worry. This is shown below on a Sony Xperia go:

http://cdn-us1.idg.com.au/gim/id/62508/res/24

However, if your phones dialler pops up and immediately displays a pop up menu with your IMEI number, your phone is vulnerable to this security flaw. This is displayed below on a Samsung Galaxy S III:

http://cdn-us1.idg.com.au/gim/id/62510/res/24

To fix this security flaw until your carrier or manufacturer issues a patch for the problem, you can download an app called TelStop. You can find it in the Google Play Store here.

Thanks for this. Apparently no issue with my Galaxy Nexus.

Z

Thanks. My Motorola Droid X2 and my wife's Motorola Electrify were both affected.

My HTC Amaze is apparently vulnerable as well.
Posted via Mobile Device

Thanks. Apparently, my Xperia X10 is vulnerable.

Mine is too.

I'm not worried about it.

Factory reset doesn't hurt the phone.

Sure, you can lose pics and music on your device, but you should back that stuff up anyway.

Quote:

Originally Posted by Dave (Post 8954046)

Mine is too.

I'm not worried about it.

Factory reset doesn't hurt the phone.

Sure, you can lose pics and music on your device, but you should back that stuff up anyway.

LMAO...

If this were an iPhone flaw, this thread would have 100 posts already. At least 30 or so from you....

Galaxy Nexus is clear

So mine brought up my keypad with no numbers no imei or whatever. I'm on the S3.

Quote:

Originally Posted by KC Fish (Post 8954060)

LMAO...

If this were an iPhone flaw, this thread would have 100 posts already. At least 30 or so from you....

I'm sure you're right, but many of us who bitch frequently switch ROMs anyway. I've done a factory reset on my phone 3-4 times in the past month alone, so this wouldn't be any big deal.

My phone is affected.
Posted via Mobile Device

Quote:

Originally Posted by KC Fish (Post 8954060)

LMAO...

If this were an iPhone flaw, this thread would have 100 posts already. At least 30 or so from you....

A big reason why there aren't 100 posts in this thread already is because of the minute differences between UI's depending on brand and carrier. Not all Android phones were affected by this while a security gap of this nature on an iPhone would most likely affect every single one.

Thanks for the heads-up.

My EVO isn't affected.

Thanks for the heads up though!

Quote:

Originally Posted by DaFace (Post 8954068)

I'm sure you're right, but many of us who bitch frequently switch ROMs anyway. I've done a factory reset on my phone 3-4 times in the past month alone, so this wouldn't be any big deal.

Yep.

Zero worries on my end.