Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Any Android below 4.1 vulnerable to 'Dirty USSD' hack

SternisheFan (2529412) writes | about 2 years ago

Android 0

SternisheFan writes "PCMag: It turns out that the "Dirty USSD" exploit demonstrated yesterday on Samsung devices affects all Android devices running anything below Android 4.1.x aka Jelly Bean.
    Just to recap, the exploit (disclosed by researcher Ravi Borgaonkar at Ekoparty in Buenes Aires) uses the Android dialer to automatically "call" a USSD code (no user permission required!); the code can be spread through legit-looking URL, an NFC attack, or a malicious QR code. The most threatening USSD code, a factory reset, was specific to Samsung TouchWiz phones and has already been disabled by Samsung. However, there are many other USSD codes that work on different Android devices, though viaForensics's Ted Eull said they aren't so easy to find.
    At first we thought the vulnerability involved a combination of the Android dialer and the stock browser, but turns out it has nothing to do with the browser. Mobile security consultancy viaForensics was able to replicate the exploit with Firefox and Dolphin browsers, and concluded that the problem is just the Android dialler. Google has already released an over-the-air (OTA) patch for its own, unlocked Galaxy Nexus devices, which should now all be running at least Android 4.1.1 by now. Mitigation: If you bought your device from a carrier, you are probably still vulnerable to this exploit. Unfortunately there's not much you can do since the only entity that can update your OS is your carrier, which isn't exactly known for timely patching (hello Android fragmentation). But all is not lost!...

Read the linked article at PCMag.com on how to protect your Android phone from this exploit."

Link to Original Source

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>