Sunday, December 16, 2012

Android USSD Dialer Exploit



Your Android device may be vulnerable to the malicious USSD code attack, which can initiate a wipe of the data on your phone and SIM card (mainly Samsung phones are vulnerable to the memory wipe because they rely on a USSD code to wipe the memory without user input). This vulnerability potentially affects any Android device running anything below Android 4.1.x (Jelly Bean).
This exploit was discovered by Ravishankar Borgaonkar, who notified the Android Security team in the third week of June 2012. No press release or official notification from Google was published, and you have to rely on your network provider to update your phone through OTA.
If you are not lucky enough to have your network operator backing you on this, you can follow the simple steps below, but first let me explain the nature of the exploit.

What is USSD

Unstructured Supplementary Service Data (USSD) is a GSM communication technology used to send messages between a mobile phone and an application server in the network. We use it every day, either to opt in to operator services or to check our balance; a USSD code usually takes the form *XXX*XXX#.

How this attack works

The exploit uses the "tel" URI (Uniform Resource Identifier) scheme, which is used to identify telephone numbers in web pages and is standardized by RFC 3966. Although the scheme was designed to pass legitimate telephone numbers, it can also be used to pass a USSD code. The attacker changes the "dial string" so that the code is sent to your phone's dialer. Because of this, the attack is not limited to the web browser; it could also be initiated by a scanned code, NFC or any other input method.
Below is a crafted link to test whether you are vulnerable to this attack. If you click it and your IMEI (a 14 to 16 alphanumeric code) simply shows up, your device is vulnerable. Otherwise, you will only see *#06# on your dialer screen. CLICK HERE TO TEST
If you are affected by this, you can download McAfee from HERE
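
The check implied by "How this attack works", as an added Python example that is not part of the original post or of any vendor's tool: it finds tel: URIs in a page's HTML and flags those whose dial string decodes to contain * or #, the characters that mark a USSD-style code. The function names and the sample HTML are constructed for illustration, and the only code used is the *#06# test code mentioned above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# "tel:" not preceded by another scheme character, so "hotel:" is not matched.
TEL_RE = re.compile(r"(?<![A-Za-z0-9+.\-])tel:[^\s\"'<>]+", re.IGNORECASE)

def classify_tel_uri(uri):
    """Return 'not-tel', 'phone-number' or 'mmi-code' for one URI string."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "not-tel"
    # Decode percent-escapes before looking: %2A is '*' and %23 is '#'.
    dial = unquote(rest)
    if "*" in dial or "#" in dial:
        return "mmi-code"  # the dialer would receive a code, not a plain number
    return "phone-number"

class TelLinkScanner(HTMLParser):
    """Collects every tel: URI found in any attribute of any tag."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            for uri in TEL_RE.findall(value or ""):
                self.findings.append((tag, name, uri, classify_tel_uri(uri)))

def scan_html(html):
    """Return a list of (tag, attribute, uri, verdict) tuples for a page."""
    scanner = TelLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: a normal number, the *#06# test code with its
# '#' characters percent-encoded, and a link that merely contains "tel:".
SAMPLE_HTML = """
<a href="tel:+15550100">Call support</a>
<a href="TEL:*%2306%23">Check</a>
<a href="https://example.com/hotel:rooms">Rooms</a>
"""

if __name__ == "__main__":
    for tag, attr, uri, verdict in scan_html(SAMPLE_HTML):
        print(f"<{tag} {attr}> {uri} -> {verdict}")
```

RFC 3966 allows * and # in local numbers, so an "mmi-code" verdict is a reason to ask the user for confirmation before dialing rather than proof of malicious intent.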