A serious vulnerability in Android can lead to complete Data Wipe on your Android Device, Find if your device is vulnerable to this attack and Learn how to fix it before you lose your precious data.
The remote wipe hack/attack was first thought to be affecting only Samsung devices and soon after it was discovered on the Samsung SIII, The company released a Patch via the latest Software Update. If you own a Samsung SIII get the update before its too late.
Recently it was found that not only Samsung phones but indeed many other android devices are vulnerable to this attack. While the Remote Wipe hack is said to only prevail in the Samsung phones, There are many other malicious injects that other Android users need to worry about.
Some phones support special dial codes called USSDs (e.g., dialing *#06# displays the phone’s IMEI number). Through malicious links in a website, SMS, NFC beam or QR code, hackers can perform a complete factory reset on your phone, lock the SIM card, and more that too without a single Popup for confirmation or a warning message. Its like you lost control of the device you ‘once’ owned.
Check if your Android device is vulnerable to the attack.
As far as I understood, This exploit works like this:
You visit the infected page > The page fires the USSD code via your stock Dialer > The code gets executed and your device is wiped.
Do you remember visiting those Mobile Websites of restaurants where you get the “Tap to Call” button? These buttons have the following code -
tel:0123456789 underlying the button just like <a href=”google.com”> code for HTML Links.
Hackers can create a similar button with the USSD Codes (malicious) and since USSD codes are handled the same way as the Keyed in numbers the execution is instant.
Do you remember visiting those Mobile Websites of restaurants where you get the “Tap to Call” button? These buttons have the following code -
tel:0123456789 underlying the button just like <a
href=”google.com”> code for HTML Links. Hackers can create a similar
button with the USSD Codes (malicious) and since USSD codes are handled
the same way as the Keyed in numbers the execution is instant.Dylan’s page works the same but fires the *#06# USSD code which popups your IMEI code. So to check for your device’s vulnerability, Do the following.
Step 1. Visit this webpage by Dylan : [LINK] on your Android web browser (Stock browser or Opera/Firefox/Chrome).
QR Code for the Link :
Possible Fixes to this Android Vulnerability.
- Install an alternative Dialer App on your Android : Install an alternative Dialer app with confirmation messages that will prevent auto dial of USSD Codes, One such app is Dialer One. Install it and set it as the default Dialer app.
- Install TelStop or Auto – Reset Blocker security apps designed by Developers to fix this vulnerability unless manufacturers act.
- Another tip from XDA was to install another Browser but that didn’t do good as the code executed even in Opera Mini. But its worth a try along with the above fixes.
- Check for Software Updates from Manufacturers. Force update check by going to Settings > About Phone > System Update.
"I am enough of an artist to draw freely upon my imagination. Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -Albert Einstein
0 comments:
Post a Comment