Methods of infection include:
- NFC-enabled mobile phone , if it touches a rogue NFC tag you're infected
- If an android phone scans a malicious QR code
- A user acts upon a fake service message
- Attackers can include the malicious message in a text messages, e-mails, and even twitter posts
Infection occurs by simply opening a website containing an HTML tag for a call function, and replacing the telephone number with the USSD code for a factory reset. USSD codes are commands that are executed by entering them in your keypad—for instance if you dial #*#INFO"*" you can access certain menu settings. For every Samsung phone running Touchwiz, there's a unique set of USSD codes that performs various commands. One the page is rendered, your phone is wiped and/or your SIM card killed. *gulp*
12.04KB 60 downloads
But is it limited to just Samsungs? Ongoing research is leaning to no.
Fortunately the vulnerability is limited to particular models and specific version releases.
Samsung claims that they have fixed the USSD/MMI code issues in their latest edition to the Galaxy series, Galaxy S3. According to a statement by Samsung They have already released a firmware update for some of their phones. However, Android users other than Samsung may still be vulnerable to this virus as other companies are unlikely or slow to send a firmware update for their users.
The origin of this virus appears to have sprang forth from a recent discovery:“We would like to assure customers that the recent security issue affecting the Galaxy S III has already been addressed in a software update. We believe this issue was isolated to early production devices, and devices currently available are not affected by this issue. To ensure customers are fully protected, Samsung advises checking for software updates through the ‘Settings: About device: Software update’ menu. We are in the process of evaluating other Galaxy models.”
Samsung Galaxy S III secret USSD reset code discovered
It's not just the Samsung S III that is affected, the code also wipes the Galaxy Beam, S Advance, Galaxy Ace and Galaxy S II. Although it does not wipe the Galaxy Nexus tablet.Security team discovers secret USSD command that completely wipes Samsung devices in under three seconds......The USSD (Unstructured Supplementary Service Data) code is a protocol used by GSM telephones to communicate with the service provider's computers for configuring the phone. The security team has also shown a USSD code that can be used to wipe the SIM card from the Samsung S III leaving the user with a very expensive plastic brick for a handset.
More information can be found here:
As most manufacturers are slow to issue firmware updates and many phone models are not supported anymore they will probably remain vulnerable.
Because of this, an app was created called TelStop that blocks the attack by registering a secondary "tel:" URI handler.
When TelStop is installed and the phone encounters a "tel:" URI, the user is presented with a dialog to choose between TelStop and the regular dialer. If TelStop is chosen, the application will reveal the content of the "tel:" URI and will display a warning if the content is likely to be malicious
App download here:
Security Researcher Ravi Borgaonkar created a test that lets you check if your Android device is vulnerable.
Click on the following link from your phone. If you can see your IMEI, (as in the photo below) you're vulnerable.
Url to test:
58.2KB 76 downloads
Via:
.gif)
