Samsung/Android Virus Wipes phones & kills SIM cards in 3 seconds

Samsung Galaxy Virus USSD

33 replies to this topic

#21 tailland

tailland

    German Dachshund :)

  • Members
  • 85 posts
  • LocationGER
  • Current Device(s):Razr XT910 (Maxxed)

Posted 06 December 2012 - 10:20 AM

Well, now you remember ... however, not many devices have USSD codes that can actively change the phone's inner settings so easily and IIRC Samsung phones were mentioned as the ones that were in greatest danger

BUT: USSD codes in general can do all sorts of things, sometimes depending on your carrier, like...
- changing your sim card's PIN code
- blocking / rerouting / MAKING calls and sms (even to expensive premium numbers)
- charging up prepaid SIM cards from cash/credit card directly

Nasty enough, you'd think. A fraudster could use these weapons to earn lots of moneys...

Samsung devices however, have a special, MUCH larger set of USSD codes, with which you can basically debug and manipulate the device at large...
For example : a factory reset via a single command *2767*3855#

My phone: Motorola Razr GSM XT910 "Maxxed" - Running stock JB 4.1.2 @ Lightning Launcher + Zooper Widgets PRO


#22 johnthehillbilly

johnthehillbilly

    Gear jammin' S-Mod

  • Smod
  • 6,470 posts
  • Twitter:@johnhillbilly
  • Google+:http://goo.gl/ColUJ .. johnthehillbilly@gmail.com
  • LocationSomewhere between here, and there...
  • Current Device(s):unlocked RAZR HD (xt926)... RAZR (xt912)

Posted 06 December 2012 - 10:26 AM

I think one of the problems with that is.... a simple google search can provide you with most or all of the codes necessary to do some major "damage"....

And you called it right "weapons"..... (in the wrong hands)
sent from my DROID RAZR tapadriving ...

Feeding my android addiction......... one phone at a time.....


If you are feeling generous and would like to buy me a drink.... coffee :)


#23 tailland

tailland

    German Dachshund :)

  • Members
  • 85 posts
  • LocationGER
  • Current Device(s):Razr XT910 (Maxxed)

Posted 06 December 2012 - 10:45 AM

Well, the USSD codes are a feature of GSM networks, so originally, there was no real possibility of remote abuse. With smartphones and installed applications, that game changed.

However, Samsung's stupidity to leave all sorts of debugging/manipulation codes intact when delivering devices to customers, is humongously irresponsible.

Edit:
As I read right now, Samsung phones can execute such commands even when they're embedded in an SMS which is sent to the device... The command will be executed WITHOUT any user interaction ... OUCH!
  • johnthehillbilly likes this

My phone: Motorola Razr GSM XT910 "Maxxed" - Running stock JB 4.1.2 @ Lightning Launcher + Zooper Widgets PRO


#24 johnthehillbilly

johnthehillbilly

    Gear jammin' S-Mod

  • Smod
  • 6,470 posts
  • Twitter:@johnhillbilly
  • Google+:http://goo.gl/ColUJ .. johnthehillbilly@gmail.com
  • LocationSomewhere between here, and there...
  • Current Device(s):unlocked RAZR HD (xt926)... RAZR (xt912)

Posted 06 December 2012 - 11:02 AM

.... can be kind of scary especially for Samsung device owners.... incompetence of a corporation has negative effects on the end user....

sent from my DROID RAZR tapadriving ...

Feeding my android addiction......... one phone at a time.....


If you are feeling generous and would like to buy me a drink.... coffee :)


#25 Nitewolf

Nitewolf

    Member of the BEST android community

  • Superuser
  • 643 posts
  • Location:=>here<=:

Posted 06 December 2012 - 11:44 AM

As I read right now, Samsung phones can execute such commands even when they're embedded in an SMS which is sent to the device... The command will be executed WITHOUT any user interaction ... OUCH!


One reason why I use a text/call blocker. Nothing gets through except from contacts.

#26 Rycix

Rycix

    Bouncing Ball Of Energy / Android Rescue Squad

  • Members
  • 107 posts
  • LocationNew England, USA
  • Current Device(s):XT912

Posted 06 December 2012 - 03:13 PM

There is an exploit blocker by Avira that may help users protect themselves. I would recommend people download it. If it can block something or check it, you will have the option to open whatever it is via the app. I'm not sure if it would block this specific exploit, but it is better than nothing.
Droid Razr XT912, cooling down with ICS on 6.16.211




working to provide the best assistance to you and the entire droid razr community improve!


#27 eyecre8

eyecre8

    Mod/News Team Leader

  • Moderator
  • 108 posts
  • Google+:eyecre8
  • LocationOhio/Florida
  • Current Device(s):2 Razr's (xt912) & Asus TF700T

Posted 07 December 2012 - 10:23 AM

Just consolidating the apps listed so far that supposedly protect against this issue:

- Telstop
- Motorola SafeTelHandler
- Avast! Mobile Security
- Avira USSD Exploit Blocker
- Lookout Security & Antivirus
- Webroot Security & Antivirus

My name is Eyecre8 and I approve this message!

#28 G8orDroid

G8orDroid

    Droid Master

  • Members
  • 392 posts
  • Twitter:G8orDroid

Posted 07 December 2012 - 11:45 AM

Just tested both the link in the OP and the link from the Motorola SafeTelHandler page on Play with my Galaxy Note 2 and both return *#06# to the dialer. May have been fixed in Jelly Bean, at least for Samsung, IDK.

#29 tailland

tailland

    German Dachshund :)

  • Members
  • 85 posts
  • LocationGER
  • Current Device(s):Razr XT910 (Maxxed)

Posted 07 December 2012 - 11:48 AM

Just tested both the link in the OP and the link from the Motorola SafeTelHandler page on Play with my Galaxy Note 2 and both return *#06# to the dialer. May have been fixed in Jelly Bean, at least for Samsung, IDK.

In case that's unclear: THAT is the fix... normally, the code is executed as soon as its last digit is typed, no further need to press the "dial" button or so...

But the listed fixes work in different ways...
Some of them send "defused" code back to the dialer, others will give you an option to execute or cancel the code... And only professional apps like "Avast" can catch the deeper going threats (not from websites/qr), but from malicious local apps as well..

If you trust all your installed apps, you're completely ok with a simple tel:/ protocol handler like the one from Moto. If you're paranoid (like me), you will let Avast handle business...

My phone: Motorola Razr GSM XT910 "Maxxed" - Running stock JB 4.1.2 @ Lightning Launcher + Zooper Widgets PRO


#30 G8orDroid

G8orDroid

    Droid Master

  • Members
  • 392 posts
  • Twitter:G8orDroid

Posted 07 December 2012 - 11:58 AM

In case that's unclear: THAT is the fix... normally, the code is executed as soon as its last digit is typed, no further need to press the "dial" button or so... the fix prohibits the automatic execution.


Per the SafeTelHandler page:
To determine if your phone is vulnerable, perform the following steps:
1. Open your device’s browser and navigate to [link hidden]
2. If your device is vulnerable, you will see your IMEI displayed.
3. If you see *#06#, your device is secure and you don’t need to download this app.


What am I missing? I assume if I install the app, I would be a bit safer, but is it really necessary?

#31 tailland

tailland

    German Dachshund :)

  • Members
  • 85 posts
  • LocationGER
  • Current Device(s):Razr XT910 (Maxxed)

Posted 07 December 2012 - 12:21 PM

What am I missing? I assume if I install the app, I would be a bit safer, but is it really necessary?

If you have -nothing- installed, calling that URL would cause a popup on your phone's screen to show your IMEI - bad, because that means USSD codes can be executed on your phone by remote calls.

If you have Moto's handler installed, it will send the "defused" code back to the dialer and nothing happens (as it should be under stock JB btw)

If you have other handlers installed, they will let you choose whether you want the code executed or not.. questionable practice, because I see no valid interest in getting remotely initiated USSD calls.

If you have Avast installed, it will generally block all non-manual initiation attempts of that code

Choose what you like...

BTW: If you have nothing like that installed and it still only shows the code in your dialer, I assume you don't run stock ICS, do you ?

My phone: Motorola Razr GSM XT910 "Maxxed" - Running stock JB 4.1.2 @ Lightning Launcher + Zooper Widgets PRO
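
The handler behaviours described in the posts above (hand a "defused" code back to the dialer, or ask the user first), sketched as an added example; it is not part of the thread and not the code of any app named in it. The function names, policy names and sample URIs are constructed for illustration, and the repeated percent-decoding is a conservative assumption.

```python
import re
from urllib.parse import unquote

# Digits plus common visual separators, optional leading '+'.
PLAIN_NUMBER = re.compile(r"\+?[0-9][0-9 ().\-]*")
MMI_CHARS = set("*#")  # USSD/MMI codes are built around '*' and '#'

def decode_tel(uri, max_rounds=3):
    """Return the dial string of a tel: URI, or None if it is not one."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    rest = rest.lstrip("/")
    # '#' usually arrives as %23; decode a bounded number of times so
    # a double-encoded code (%2523) is still recognised.
    for _ in range(max_rounds):
        decoded = unquote(rest)
        if decoded == rest:
            break
        rest = decoded
    return rest

def classify(uri):
    dial = decode_tel(uri)
    if dial is None:
        return "not-tel"
    if MMI_CHARS & set(dial):
        return "mmi-code"
    if PLAIN_NUMBER.fullmatch(dial):
        return "plain-number"
    return "unknown"

def decide(uri, policy="defuse"):
    """Action for a tel: URI that arrived from a web page, QR code or app.

    policy "defuse": show the code in the dialer without executing it.
    policy "ask":    let the user confirm or cancel.
    """
    kind = classify(uri)
    if kind == "not-tel":
        return "ignore"
    if kind == "plain-number":
        return "pass-to-dialer"
    if kind == "mmi-code" and policy == "ask":
        return "ask-user"
    return "show-only"  # never auto-execute codes or unparseable input

# Constructed sample input: the harmless IMEI-display code from the thread.
SAMPLES = ["tel:*%2306%23", "tel:%252A%252306%2523", "TEL:+49-30-5550100"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify(s), "/", decide(s))
```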


#32 G8orDroid

G8orDroid

    Droid Master

  • Members
  • 392 posts
  • Twitter:G8orDroid

Posted 07 December 2012 - 12:38 PM

...
BTW: If you have nothing like that installed and it still only shows the code in your dialer, I assume you don't run stock ICS, do you ?


If you re-read my original post, I stated that I was using a "Galaxy Note 2" and the problem "may have been fixed in Jelly bean". I was never trying to be argumentative about it, just posting my results for everyone's information. I recall nothing from the OP that stated it was a problem for "stock ICS" only. I will freely admit that I did not study the post in detail though. These little misunderstandings are why I post less and less in the forums.

Good day.

#33 tailland

tailland

    German Dachshund :)

  • Members
  • 85 posts
  • LocationGER
  • Current Device(s):Razr XT910 (Maxxed)

Posted 07 December 2012 - 12:50 PM

If you re-read my original post, I stated that I was using a "Galaxy Note 2" and the problem "may have been fixed in Jelly bean". I was never trying to be argumentative about it, just posting my results for everyone's information. I recall nothing from the OP that stated it was a problem for "stock ICS" only. I will freely admit that I did not study the post in detail though. These little misunderstandings are why I post less and less in the forums. Good day.

I have no problem with that, I easily miss the details of someone's setup as well, there are just too many of them on such a forum ^^

And the whole thing is a bit complicated, too...
Generally speaking, devices running JB shouldn't be in danger anyway, since the tel: protocol handling exploit was said to be a vulnerability of Android versions prior to JB.

It SEEMS, and I may be wrong on that, that SOME Samsung phones are still vulnerable anyway.. for whatever reason, I don't know. If I read lots of these articles correctly, TouchWiz seems to have a role in the remaining presence of the exploit in otherwise safe JB environments... it's all very confusing and profound factual data is a bit hard to come by... that's why I would go down the safe road and install something like Avast until we know all the important things about it...

My phone: Motorola Razr GSM XT910 "Maxxed" - Running stock JB 4.1.2 @ Lightning Launcher + Zooper Widgets PRO


#34 eek88dj

eek88dj

    Member

  • Members
  • 135 posts
  • LocationOhio
  • Current Device(s):Samsung Galaxy S4

Posted 08 December 2012 - 10:53 PM

Thank you my Razor Maxx og showed my IMEI also.
Thanks for catching that.




