FORUMS

[FTF] Sony Xperia Z Lollipop Release

Sony rolled out a Lollipop update for Xperia Z just yesterday. If you still haven’t gotten … more

Original Moto G Receives Lollipop, OTA Captured

The original Moto G was released almost two years ago. Motorola still continues to … more

Device Review: No.1 X1 Rugged Smartphone

We are almost at the end of Q2 for 2015, and we have seen most of the flagship phones for the … more

When a Friend or Family Member Asks for a Phone Recommendation, What Do You Tell Them?

The majority of us here at XDA would consider … more
Post Reply Subscribe to Thread Email Thread

[VULNERABILITY] Remote wipe via iframe USSD trigger

25th September 2012, 01:12 PM |#11  
sts_fin's Avatar
Member
Thanks Meter: 7
 
More
Quote:
Originally Posted by sts_fin

Easiest way to save yourself from this attack: set Chrome as your default browser, the TEL uri is not handled by chrome.

Just tested it on a SGS3 and Note... So just use chrome, and you are safe.

We have also contacted Samsung Finland about this.

Update: it works also with chrome... So no helping there.

Update to update: chrome parses the TEL: link but does not run the USSD.
Last edited by sts_fin; 25th September 2012 at 01:21 PM.
 
 
25th September 2012, 01:14 PM |#12  
Lennyuk's Avatar
Recognized Developer
Flag Essex, England
Thanks Meter: 1,675
 
Donate to Me
More
surely it depends if the browser is a system app or not?

If it is a system app chances are it has permissions to dial out, if not, it won't


EDIT:

If you are on an ICS rom please try this from whatever browsers you have installed and let me know which browser, if its a system or data app and what happens.

http://ninpo.qap.la/test/index.html

THAT LINK IS SAFE! IT TRIGGERS A SAFE USSD CODE NOT THE WIPE ONE
Last edited by Lennyuk; 25th September 2012 at 01:22 PM.
25th September 2012, 01:36 PM |#13  
Mopral's Avatar
Senior Member
Flag Saint-Brieuc
Thanks Meter: 342
 
More
Quote:
Originally Posted by Lennyuk

surely it depends if the browser is a system app or not?

If it is a system app chances are it has permissions to dial out, if not, it won't


EDIT:

If you are on an ICS rom please try this from whatever browsers you have installed and let me know which browser, if its a system or data app and what happens.

http://ninpo.qap.la/test/index.html

THAT LINK IS SAFE! IT TRIGGERS A SAFE USSD CODE NOT THE WIPE ONE

Tried on Opera mobile:

-it ask me to click before triggering the code
-I click to launch the process
-then it just open the dialer with the code "11111" in it
Attached Thumbnails
Click image for larger version

Name:	Screenshot_2012-09-25-14-36-31.jpg
Views:	1086
Size:	19.2 KB
ID:	1353513  
Last edited by Mopral; 25th September 2012 at 01:39 PM.
25th September 2012, 01:38 PM |#14  
Senior Member
Thanks Meter: 39
 
More
SGS3 GT-I9300 ICS 4.0.4

Firefox: opens Phone app dialer, but nothing within.
Opera: Automatically suppresses frame loading and displays the warning.
Chrome: Opens Phone app dialer and shortly displays it, but does nothing.
Last edited by toncij; 25th September 2012 at 02:05 PM.
The Following User Says Thank You to toncij For This Useful Post: [ View ]
25th September 2012, 01:40 PM |#15  
Member
Thanks Meter: 1
 
More
So, from what I can tell, this *only* affects certain "TouchWiz" devices.

On standard Android, it will lauch the dialler - but the user has to hit the dial key for anything to happen.

And, depending on their device, hitting dial will try to send the code as a USSD rather than processing it internally.

Until Samsung issue an update there's little you can do other than replace the TouchWiz dialler.
25th September 2012, 01:40 PM |#16  
Junior Member
Thanks Meter: 19
 
More
It didnt work on the STANDARD GS3 browser.

The dialler opened up and there was NO number on the screen to dial. Hitting "call" brought up the last dialled number I had
25th September 2012, 01:42 PM |#17  
Junior Member
Flag Singapore
Thanks Meter: 0
 
More
Quote:
Originally Posted by Lennyuk

surely it depends if the browser is a system app or not?

If it is a system app chances are it has permissions to dial out, if not, it won't


EDIT:

If you are on an ICS rom please try this from whatever browsers you have installed and let me know which browser, if its a system or data app and what happens.

THAT LINK IS SAFE! IT TRIGGERS A SAFE USSD CODE NOT THE WIPE ONE

It's working on my HTC Desire, 2.3.4 rooted, default browser. Saw my IMEI.
It's also working on my Nexus S, 4.0.3, rooted, default browser. Saw my IMEI.

Then tried it on my SIII on 4.0.4, dialer shows up, but nothing happens.
Last edited by chaoszcat; 25th September 2012 at 01:51 PM.
25th September 2012, 01:45 PM |#18  
rovar's Avatar
Senior Member
Flag Cancun
Thanks Meter: 90
 
More
Quote:
Originally Posted by Lennyuk

surely it depends if the browser is a system app or not?

If it is a system app chances are it has permissions to dial out, if not, it won't


EDIT:

If you are on an ICS rom please try this from whatever browsers you have installed and let me know which browser, if its a system or data app and what happens.

http://ninpo.qap.la/test/index.html

THAT LINK IS SAFE! IT TRIGGERS A SAFE USSD CODE NOT THE WIPE ONE

This affects firefox and chrome on an epic touch 4G.
And I'll see myself out

Tappin' Typin'
25th September 2012, 01:56 PM |#19  
AladdinZ's Avatar
Senior Member
Flag Devil's Lair
Thanks Meter: 79
 
More
This is very serious and really bad, I just saw the news and checked if XDA members are aware and voila, everyone is worried. We really need a patch from Samsung as soon as possible. I wonder USSD codes exists in a lot of devices and not only Samsung phones, will it be vulnerable similar to us S3 users?
25th September 2012, 01:56 PM |#20  
Senior Member
Thanks Meter: 2
 
More
Android 4.1.1 and stock Phone app = safe. Code is displayed in phone app but nothing happens. But when i opened the link with touchpal dialer, IMEI has been displayed. When I clicked the link, system asked me which phone app i want to use to open. Either cancel it or choose a stock one and you are safe.
Post Reply Subscribe to Thread

Tags
galaxy s3, iframe, samsung, ussd, wipe
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes