Tuesday, July 16, 2013

What Is USSD And How To Protect Yourself From It

What is the USSD attack?

In this article I'm going to talk about the USSD (Unstructured Supplementary Service Data) attack, which attackers use to control your device by transferring balance or wiping it.

The recent discovery of a vulnerability in Unstructured Supplementary Service Data (USSD) has shown the possibility of a malicious text message, website, QR code, etc. remotely wiping your phone! Not all devices are vulnerable, but I've found a free app on the Android market (I still refuse to call it the Play Store) that can block USSD messages.

The purpose of USSD codes is to let telecom operators provide remote support for phone devices. An example of such a code is the one that displays the IMEI number (*#06#), but there are also USSD commands that can wipe all data and restore a phone to factory settings.

As many of us know, Samsung reported a vulnerability last year in some Galaxy phones (even the Galaxy S3), which could allow a malicious website to wipe your device without your confirmation by dialing specific USSD codes without the user knowing about it.

How it works?

The site will launch a web-based (though inoffensive) USSD code [*#06#]. If your phone shows your IMEI number automatically, it means it's not protected against USSD attacks. However, if you see a system prompt asking for your confirmation before executing the USSD code, you're in luck and your phone is

If you have Avast! or Sophos Mobile Security installed on your phone, chances are you are protected against USSD attacks, since Avast! includes a "Number Validator" and Sophos uses a "Check before Dialing" feature that will ask for your confirmation before dialing USSD codes executed through the web.

Protection against USSD (Unstructured Supplementary Service Data) attacks is an essential security layer for Android devices, since these attacks can be easily initiated by any means that leads to visiting a website containing a malicious USSD command, such as an SMS, a QR code, or simply tapping a fraudulent link in the browser.

How to protect yourself?

For Android users there is an application available in the Play Store called "Eset USSD Control" which protects your devices from USSD code attacks executed via malicious SMS, QR code, or URL link.

Protect yourself from data loss through remote wipe or other harmful actions of a USSD hack.

How does ESET USSD Control protect you?

By checking for malicious codes before they are executed, ESET USSD Control makes sure that all data on your Android phone stays safe. The app displays a warning window each time a malicious USSD code is found, blocking the execution of the potentially harmful command.

Get Eset USSD Control
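
The "check before dialing" idea behind Avast's Number Validator, Sophos's Check before Dialing and ESET USSD Control can be sketched as below. This is an added example, not code from this post or from any of those apps; it assumes the web-launched code reaches the dialer as a tel: link, and the function names and sample links are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Visual separators that are ignored when a number is dialed.
_SEPARATORS = re.compile(r"[\s\-.()]")
# USSD-style strings are built from digits plus '*' and '#'.
_USSD_CHARS = re.compile(r"[*#]")


def normalize_tel_uri(uri):
    """Return the decoded dial string of a tel: link, or None for other schemes."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    # '#' starts a fragment in a URI, so a link normally carries it as %23
    # (and '*' may appear as %2A). Decode *before* inspecting the string.
    return _SEPARATORS.sub("", unquote(rest))


def decide(uri):
    """Classify a link: 'ignore' (not tel:), 'allow' (plain number),
    'confirm' (USSD-like: show a prompt instead of dialing)."""
    dial = normalize_tel_uri(uri)
    if dial is None:
        return "ignore"
    if _USSD_CHARS.search(dial):
        return "confirm"  # never execute automatically; ask the user first
    return "allow"


# Constructed sample links; *#06# is the harmless IMEI code from the article.
SAMPLES = [
    "tel:+1 555-0100",       # ordinary phone number
    "tel:*%2306%23",         # *#06# with '#' percent-encoded
    "TEL:%2A%2306%23",       # upper-case scheme, '*' encoded as well
    "tel:*#06#",             # unencoded form
    "https://example.com/",  # not a dial link at all
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link!r:26} -> {decide(link)}")
```

A check that looks for `#` in the raw link text would miss the encoded forms, which is why the decode step comes first.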

