  1. #1
    Gold Member

    USSD 'remote wipe' hack

    My Dinc CM9 seems to be vulnerable to this. Is there a universal patch for various flashed Android phones to prevent this? Any comments from the gurus here?


    USSD wipe hack info




    "Millions of Android handsets including the Samsung Galaxy S3, Galaxy S2, HTC One X and HTC Desire can be wiped just by visiting a malicious website that embeds particular code in weblinks, security experts have warned.
    Update: HTC has issued a statement saying that "our devices do not support a USSD code to factory reset option." This means that they should not be vulnerable to the exploit described below.


    A user with a vulnerable handset who visits a page and clicks a link containing the malicious code would see their phone wiped, losing personal data such as photos and texts as well as replaceable data such as contact details and apps.


    The flaw is caused by a security hole in some versions of Android's dialler software, which allows the "tel:" URL prefix to be used on a webpage to perform functions on the phone's dialling software. Normally that is useful for functions such as initiating a call on the handset directly from a site. But the tel: prefix can also be used to pass a string of non-numeric data to the dialler.


    Special strings of characters can perform other functions; for example typing #06# on the dialler will display a phone's IMEI number."
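
The quoted article's point, that a tel: link can carry dialler codes instead of a phone number, can be checked for before a link is handed to the dialler. The following is an added example, not part of the original thread or of any app mentioned in it; the function names and the sample HTML are constructed for illustration, and the only code string used is the IMEI one the article quotes.

```javascript
// Added example: classify tel: links found in a page.
// All names and SAMPLE_HTML are hypothetical, constructed for illustration.

// Strip the scheme and undo percent-encoding; null means the escapes are malformed.
function decodeTel(uri) {
  const body = uri.replace(/^tel:/i, '');
  try {
    return decodeURIComponent(body);
  } catch (e) {
    return null;
  }
}

// A plain phone number: optional leading +, then digits and visual separators only.
const PLAIN_NUMBER = /^\+?[0-9\s().-]+$/;

function classifyTel(uri) {
  const decoded = decodeTel(uri);
  if (decoded === null) return 'malformed';
  // Dialler (USSD/MMI) codes are built from * and #, often hidden as %2A / %23.
  if (/[*#]/.test(decoded)) return 'mmi-code';
  return PLAIN_NUMBER.test(decoded) ? 'number' : 'other';
}

// Collect every tel: link in href attributes together with its verdict.
function auditHtml(html) {
  const findings = [];
  const hrefAttr = /\bhref\s*=\s*(["'])(.*?)\1/gis;
  for (const m of html.matchAll(hrefAttr)) {
    const tel = m[2].trim().match(/\btel:[^\s"'<>]*/i);
    if (tel) findings.push({ uri: tel[0], verdict: classifyTel(tel[0]) });
  }
  return findings;
}

// Constructed sample page: a normal number, the article's IMEI string
// percent-encoded, a broken escape, and a URL that merely contains "tel:".
const SAMPLE_HTML = `
<a href="tel:+1-555-0100">Call support</a>
<a href="tel:%2306%23">Click here</a>
<a href='TEL:%ZZ'>broken</a>
<a href="https://example.com/hotel:5">not a tel link</a>`;

console.log(auditHtml(SAMPLE_HTML));
```

Only links classified as `number` are ordinary click-to-call links; anything else deserves a confirmation prompt or a block.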








  3. #2
    tclemens

  4. #3
    oriax123



    Well, if you knew the website links you could simply edit the host file on the device and add "127.0.0.1 websitegoeshere.com" without the quotes of course and that'll block that website from now on. But that's just what I'd do.



  5. #4
    Gold Member



    Thanks tclemens. Guess that means I need to flash (any CM10) or a CM9 ROM built after Sept 27?

    I temporarily have this installed for now.

    https://play.google.com/store/apps/d...toresetblocker





  6. #5
    tclemens



    Yea, that's the way I read it. That looks like a neat little app, think I'll try it out, thanks.

  7. #6
    Gold Member



    Ok, CM10 now installed. Vulnerability gone!!!

  8. #7
    salas



    Or use something like Dialer One on any custom non-AOSP ROM and vulnerability gone.
