Hello & Welcome to our community. Is this your first visit? Register

Results 1 to 7 of 7
  1. #1
    Omega Alfons's Avatar

    Rank
    The Omega
    Join Date
    Apr 2005
    Posts
    5,189

    Remote USSD Attack - Samsung Android phones

    An interesting (and potentially devestating) remote attack against at least some Samsung Android phones (including the Galaxy S3) was disclosed recently.

    In brief it works like this:

    Phones support special dialing codes called USSDs that can display certain information or perform specific special features. Among these are common ones (*#06# to display IMEI number) and phone specific ones (including, on some phones, a factory reset code).

    There is a URL scheme prefix called tel: which can, in theory, be used to hyperlink to phone numbers. The idea being that clicking on a tel: URL will initiate the phone's dialer to call that number.

    In some phones the dialer will automatically process the incoming number. If it's a USSD code then it will be handled exactly as if it had be keyed in manually - requiring no user intervention to execute.

    A tel: URL can be used by a hostile website as the SRC for an iframe (or potentially other resources like stylesheets or scripts I guess). It may then be loaded and acted upon with no user intervention at all.
    Remote USSD Attack - Prevention - dylan//posterous





    This basicly allows you to completely wipe most Samsung android phones (including the S3) remotely by luring the user to your website (where the code to reset the device is executed upon loading the website). For the S3 it only works if the user is still on the default android version and hasn't upgraded to Jelly Bean. The default browser must be used too.

    So if you recently got an S3, upgrade it to Jelly bean!


  2.  
  3. #2
    Browncoat Robert's Avatar

    Rank
    Legend
    Join Date
    Mar 2003
    Location
    UK
    Posts
    9,002

    Re: Remote USSD Attack - Samsung Android phones

    Having skype means it constantly asks me what I want to use, that or the default browser.

    So I guess that would mean if this happened, it would stop it and ask me what to do?

    But yeah having a USSD to reset the phone is silly. Though maybe it has some reason to have it, like it's a part of Samsung Dive or something?
    People don't like to be meddled with.
    We tell them what to do, what to think. Don't run, don't walk.
    We're in their homes and in their heads and we haven't the right.
    We're meddlesome.

  4. #3
    ˌ

    Rank
    The Omega
    Join Date
    Apr 2005
    Location
    Dallas, TX
    Posts
    8,900

    Re: Remote USSD Attack - Samsung Android phones

    Quote Originally Posted by Robert View Post
    Having skype means it constantly asks me what I want to use, that or the default browser.

    So I guess that would mean if this happened, it would stop it and ask me what to do?

    But yeah having a USSD to reset the phone is silly. Though maybe it has some reason to have it, like it's a part of Samsung Dive or something?
    You're correct. As long as the "use this by default" box isn't checked it'll always ask you which one before opening.

    I don't know many people who use the stock android browser anyway. Most people either use dolphin or chrome. If this only works on the initial version that shipped with the gs3 and the stock browser then I don't see this as a problem.
    _

  5. #4
    Omega Alfons's Avatar

    Rank
    The Omega
    Join Date
    Apr 2005
    Posts
    5,189

    Re: Remote USSD Attack - Samsung Android phones

    Quote Originally Posted by Robert View Post
    Having skype means it constantly asks me what I want to use, that or the default browser.

    So I guess that would mean if this happened, it would stop it and ask me what to do?

    But yeah having a USSD to reset the phone is silly. Though maybe it has some reason to have it, like it's a part of Samsung Dive or something?
    Correct.

    Quote Originally Posted by Ron View Post
    You're correct. As long as the "use this by default" box isn't checked it'll always ask you which one before opening.

    I don't know many people who use the stock android browser anyway. Most people either use dolphin or chrome. If this only works on the initial version that shipped with the gs3 and the stock browser then I don't see this as a problem.
    The thing is that it's not just the GS3, the GS3 and other Samsung phones are vulnerable as well.

  6. #5
    pork pork Parker's Avatar

    Rank
    The Omega
    Join Date
    Dec 2007
    Location
    new holland.
    Posts
    6,051

    Re: Remote USSD Attack - Samsung Android phones

    I guess they'll hurry up & push the 4.1 update then hopefully.

  7. #6
    Browncoat Robert's Avatar

    Rank
    Legend
    Join Date
    Mar 2003
    Location
    UK
    Posts
    9,002

    Re: Remote USSD Attack - Samsung Android phones

    It's already been patched on the SG3
    People don't like to be meddled with.
    We tell them what to do, what to think. Don't run, don't walk.
    We're in their homes and in their heads and we haven't the right.
    We're meddlesome.

  8. #7
    Programmer

    Rank
    Moderator
    Join Date
    May 2008
    Location
    United States
    Posts
    1,197

    Re: Remote USSD Attack - Samsung Android phones

    Anyone know if the Samsung S2 Some Long Name Epic affected?
    I am who I am.
    I know what I know.
    I do what I do.
    Buy anything from Amazon.com?
    Buy from smile.amazon.com and 5% of your purchase goes to a charity of your choice.
    Perhaps Red Cross or Electronic Frontier Foundation?

    Quote Originally Posted by s-p-n
    but in some sense it makes more sense

 

 

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HyperFilter
Sponsored by HyperFilter , secured by Incapsula , powered by LiteSpeed.
Mods by DBTech. All times are GMT +1. The time now is 12:00 PM.
Powered by vBulletin® Copyright , Jelsoft Enterprises Ltd.