What is the USSD attack?
In this article I'm going to talk about USSD ATTACK (Unstructured
Supplementary Service Data) which attackers use to control your device
through transfering balance or wipe your device.
The recent discovery of a vulnerability in Unstructured Supplementary Service
Data (USSD) has shown the possibility of a malicious text message, website,
QR code, etc. remotely wiping your phone! Not all devices are vulnerable, but
I've found a free app on the android market (I still refuse to call it the play
store) that can block USSD messages.
The purpose of USSD codes is that telecom operators can provide distance
support for phone devices. An example of such code is one that displays IMEI
number (*#06#), but there are also USSD commands that can wipe all data
and restore a phone to factory settings.
As many of us know, Samsung has reported vulnerability last year in some
galaxy phones (even Galaxy S3), which could allow malicious website to wipe
your device without your confirmation by dialing specific USSD codes without
the user know about it.
How it works?
against USSD attacks. However, if your see a system prompt asking for your
For android users there is an application available in the Play Store called
"Eset USSD Control" which protects your devices from USSD code attacks
executed via malicious SMS, QR code, or URL link.
Protect yourself from data loss through remote wipe or other harmful actions
of USSD hack.
How does ESET USSD Control protect you?
By checking for malicious codes before they are executed, ESET USSD Control
makes sure that all data on your Android phone stay safe. The app displays a
warning window each time a malicious USSD code is found, blocking the
execution of the potentially harmful command.
In this article I'm going to talk about USSD ATTACK (Unstructured
Supplementary Service Data) which attackers use to control your device
through transfering balance or wipe your device.
The recent discovery of a vulnerability in Unstructured Supplementary Service
Data (USSD) has shown the possibility of a malicious text message, website,
QR code, etc. remotely wiping your phone! Not all devices are vulnerable, but
I've found a free app on the android market (I still refuse to call it the play
store) that can block USSD messages.
The purpose of USSD codes is that telecom operators can provide distance
support for phone devices. An example of such code is one that displays IMEI
number (*#06#), but there are also USSD commands that can wipe all data
and restore a phone to factory settings.
As many of us know, Samsung has reported vulnerability last year in some
galaxy phones (even Galaxy S3), which could allow malicious website to wipe
your device without your confirmation by dialing specific USSD codes without
the user know about it.
How it works?
The Site will launch a web-based (though inoffensive) USSD
code [*#06#]. If
your phone shows your IMEI number automatically, it means it's
notprotected
against USSD attacks. However, if your see a system prompt asking for your
confirmation before executing the USSD code, you're in luck and your
phone is
protected.
If you have Avast! or Sophos Mobile Security installed in
your Phone, chances
are you are protected against USSD attacks since Avast!
includes a "Number
Validator" and Sophos uses a "Check before
Dialing" that will ask for your
confirmation before dialing USSD codes
executed through the web.
Protection against USSD (Unstructured Supplementary Service Data) attacks
is an essential security layer for Android devices, since these attacks can be
is an essential security layer for Android devices, since these attacks can be
easily initiated by all means that lead to visiting a website containing
malicious USSD command such as SMS, QR code, or simply by tapping a
fraudulent link in the browser.
How to protect your self?
For android users there is an application available in the Play Store called
"Eset USSD Control" which protects your devices from USSD code attacks
executed via malicious SMS, QR code, or URL link.
Protect yourself from data loss through remote wipe or other harmful actions
of USSD hack.
How does ESET USSD Control protect you?
By checking for malicious codes before they are executed, ESET USSD Control
makes sure that all data on your Android phone stay safe. The app displays a
warning window each time a malicious USSD code is found, blocking the
execution of the potentially harmful command.
0 comments:
Post a Comment