Android USSD Control Code Problem

I have posted this on my other blog, but it seems to be pretty important so I wanted to add this small voice to the existing warnings to Android users (of which I am one).

So, if you have an Android phone, you need to be aware of a recently-discovered exploit. Most smartphone brands appear to be affected, not just Samsung devices as initially reported. Simply put, baddies can embed USSD codes in links, QR Codes, web pages and so on that can seriously muck up your device, including wiping the SIM – unless you are running the very latest version of Android – and only around 1 or 2 percent are running 4.1.x.





USSD (Unstructured Supplementary Service Data) codes can be used to issue commands to Android devices, and on most versions of Android the commands are accepted without prompting you. Apple’s iPhone handles these codes differently and doesn’t appear to be affected by any of this.

What to do? Firstly, you can check if your Android device is indeed vulnerable by browsing to this site on your phone’s browser:


If the vulnerability is present, then here are some steps you can take:

1 – update to the latest version of Android – version 4.1.x. This is not as easy as it sounds unless you have a device running a “pure” version of Android, such as a Nexus phone – most carriers only issue updates infrequently.

2 – install and use a different browser from the default one; that will help against web page-based attacks (but not against codes arriving from QR codes or elsewhere)

3 – install one of several free apps from the Google Play Store that can filter these commands for you. The one I am using is from G Data and is called “USSD Filter”.
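
The check a USSD filter has to make, as an added example (not code from this post or from G Data's app): it assumes the codes reach the dialer as `tel:` URIs, which the post does not spell out, and flags any whose decoded dial string contains `*` or `#`. The sample page and the names `TelScanner`, `classify` and `scan` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# \b keeps "hotel:8080" from matching; body runs to whitespace or a quote.
TEL_RE = re.compile(r"\btel:([^\s\"'<>]*)", re.IGNORECASE)


def classify(dial):
    """'ussd' if the decoded dial string holds * or #, else 'number'."""
    return "ussd" if re.search(r"[*#]", dial) else "number"


class TelScanner(HTMLParser):
    """Collects every tel: URI found in any attribute of any tag."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, decoded dial string, verdict)

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already resolved entities such as &#35; in values.
        for name, value in attrs:
            for match in TEL_RE.finditer(value or ""):
                dial = unquote(match.group(1))  # %23 -> '#', %2A -> '*'
                self.findings.append((tag, name, dial, classify(dial)))


def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; *#06# only displays the handset's IMEI.
SAMPLE = """
<a href="tel:+15555550100">Call the office</a>
<a href="tel:*%2306%23">percent-encoded</a>
<a href="TEL:&#42;&#35;06&#35;">entity-encoded</a>
<a href="https://hotel:8080/#rooms">not a tel: link</a>
"""

if __name__ == "__main__":
    for tag, attr, dial, verdict in scan(SAMPLE):
        print(f"{verdict:6} <{tag} {attr}> {dial}")
```

Decoding before classifying matters: the second and third links carry the same code as the plain form, hidden behind percent-encoding and HTML entities.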

This is a real-world problem, and the exploits are out there, so it’s something you definitely need to take care of in my opinion.
H-Security
