USSD Security Gap: How To Protect Your Smartphone

At the Ekoparty Security Conference in Buenos Aires, hacker Ravi Borgaonkar presented a serious security gap. Borgaonkar conducts research at the TU Berlin in the area of security in telecommunications. Using the Samsung Galaxy S3 as an example, he showed that by exploiting a USSD code it is possible to reset the phone to factory settings without any confirmation from the owner. This deletes all data completely from the phone. To deliver the devastating command, it is sufficient for the attacker to send a WAP push message with the corresponding code to a smartphone or to embed the code in a mobile web page.



Update (9 October 2012): Antivirus manufacturer supplies blocking app
Antivirus manufacturer ESET has set to work on getting the remote reset to factory settings under control and has developed the app ESET USSD Control. The software protects not only devices with the Android operating system, but also those with Windows Mobile and Symbian, and is available as a free download in the Google Play Store or from the manufacturer's website as a standalone program.


Not only Samsung devices affected
The bug apparently does not (as first reported) exist only in Samsung devices, but also concerns smartphones from other manufacturers: a list of affected devices can be found at AndroidPit. Apparently, it is mainly devices running Android 4.0 or 4.0.3 that are at risk. In the Jelly Bean version, the problem evidently does not occur.

Patch or no patch?
Samsung said in a statement to the International Business Times that it had patched the vulnerability in the Galaxy S3 with a recent OTA update. According to first reports, however, not all S3 smartphones have received this update.

How to protect yourself
Developer Jörg Voss has now programmed a small app that is meant to protect vulnerable smartphones from an unwanted reboot. You can download NoTelURL for free from the Google Play Store and install it. The app is intended to prevent USSD codes from being executed without your consent by giving you the choice of opening the code with your phone or with the NoTelURL app. If you select the second option, the app blocks the attack and your mobile is safe. COMPUTER BILD tested the app with the HTC One V. Result: the automatic opening of USSD codes was blocked.
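
As an added example that is not part of the original article: a Python check that a site operator or filtering proxy could run over page markup to flag embedded dial codes of the kind described above. It assumes the code arrives as a `tel:` URI (the article does not name the scheme); all function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# href is followed only after a tap; src/data and meta refresh load by themselves.
CLICK_ATTRS = {"href"}
AUTO_ATTRS = {"src", "data"}
TEL_RE = re.compile(r"tel:[^\s\"'<>;]+", re.IGNORECASE)


def ussd_target(tel_uri):
    """Return the decoded dial string if it contains '*' or '#', else None."""
    target = unquote(tel_uri.split(":", 1)[1])
    return target if ("*" in target or "#" in target) else None


class TelUriScanner(HTMLParser):
    """Collects (tag, attribute, dial string, trigger) for USSD-like tel: URIs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_map = {k.lower(): (v or "") for k, v in attrs}
        refresh = tag == "meta" and attr_map.get("http-equiv", "").lower() == "refresh"
        for name, value in attr_map.items():
            if name in CLICK_ATTRS:
                trigger = "click"
            elif name in AUTO_ATTRS or (refresh and name == "content"):
                trigger = "auto"
            else:
                continue
            for uri in TEL_RE.findall(value):
                target = ussd_target(uri)
                if target:
                    self.findings.append((tag, name, target, trigger))


def scan_html(html):
    """Return all USSD-like tel: references found in the given markup."""
    scanner = TelUriScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed sample page; *#06# only displays the IMEI and changes nothing.
SAMPLE = """
<a href="tel:+49301234567">Call us</a>
<a href="tel:*%2306%23">Show IMEI</a>
<iframe src="tel:*%2306%23"></iframe>
<meta http-equiv="refresh" content="0;url=tel:*%2306%23">
"""
```

Findings marked `auto` are the ones to treat as most urgent, because they need no tap from the visitor; a plain phone number such as the first link is not reported.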