
G300 ICS USSD Vulnerability

55 posts in this topic

Posted

I have no idea if there is a factory reset USSD for this; however, I can confirm that the USSD thing works on G300 phones (and most likely others). I am using a slightly different method of doing this: instead of

<frame src=

I am using <meta http-equiv="REFRESH" content="0;url=tel:*%2306%23"></HEAD>

You can test to see if your phone is vulnerable here: http://198.100.157.97/test.html

1

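A defender-side check for the two delivery methods named in the post above (a frame source and a meta refresh pointing at a `tel:` URI), as an added example that is not part of the original thread: a Python scanner that flags `tel:` URIs carrying `*`/`#` codes and records whether the page would load them without a tap. The names `TelCodeScanner`, `scan`, the list of auto-loading tags and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Tags whose src is fetched on page load, i.e. without a user tap (assumed list).
AUTO_SRC_TAGS = {"frame", "iframe", "img", "embed"}
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)

class TelCodeScanner(HTMLParser):
    """Collects tel: URIs that carry a USSD/MMI-style code (* or #)."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def _check(self, tag, url, auto):
        url = url.strip()
        if not url.lower().startswith("tel:"):
            return
        number = unquote(url[4:])          # %23 -> '#', %2A -> '*'
        if "*" in number or "#" in number:
            self.findings.append({"tag": tag, "number": number, "auto": auto})

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            if m:
                self._check(tag, m.group(1), auto=True)
        elif tag in AUTO_SRC_TAGS:
            self._check(tag, a.get("src", ""), auto=True)
        elif tag == "a":
            self._check(tag, a.get("href", ""), auto=False)

def scan(html):
    scanner = TelCodeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; *#06# is the "show IMEI" code used in the thread.
SAMPLE = """<html><head>
<meta http-equiv="REFRESH" content="0;url=tel:*%2306%23"></head>
<frameset><frame src="tel:*%2306%23"></frameset>
<body><a href="tel:+15555550100">Call us</a>
<a href="tel:*%2306%23">Show IMEI</a></body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with `auto` set to `True` are the ones that matter for this issue, since they reach the dialer without the user choosing to tap a link.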

Posted (edited)

I see...

http://securitywatch...ours-vulnerable

Ooops.

I can confirm vulnerability on Gingerbread as well - tested with Gr2 but that's the stock dialler so likely a problem in all GB ROMs. Workaround - install another app for "tel" protocol handler. See post below.

Edited by Hogweed
1


Posted (edited)

Temporary workaround http://dylanreeve.po...ote-ussd-attack

Summary of workaround: Just install Dialer One from Play Store.

Then, if a website sends the G300 self-destruct code or whatever, you will be prompted before it is actually carried out.

Edited by Hogweed
0


Posted

That seems to have sorted it, thanks.

0


Posted

Not heard of this before... thanks..

So how common is this?? Have many people been infected? (Not read whole article.)

0


Posted

Working here on ICS too. Pretty sure it's just been found so none infected yet.

0


Posted (edited)

Seems it has only just been revealed in public but was discovered at least a few months ago. How serious it is depends on just what special codes the phone has. Some Android phones seem to have a "Wipe all Data" USSD code which executes immediately without asking the user for a confirm. So it is bye, bye time. Many Samsung and HTC phones seem to have been confirmed to be wipeable. Haven't tried any of the dangerous codes on my G300 to see what happens but the "safe" codes certainly work so I suspect so will any G300 specific "dangerous ones" - public or not. If anyone feels brave and has backups and deep pockets (in case you end up with a brick) then feel free to try some out. :-)

The code can be launched from any "infected" web page or by scanning QR codes with USSD telephone numbers. Could be embedded in an SMS or email as well.

Edited by Hogweed
0


Posted

Any 3rd party dialler installed intercepts the action. Just tested with dialer ex

0


Posted

This sucks... and even if we told Huawei they would probably not try to sort it out anyway.

0


Posted

So do I just need to install "Dialer One" from Play Store and that will protect my phone... any other steps needed?

0


Posted

That's it, John. It's a temp workaround.

0


Posted

That's it, John. It's a temp workaround.

Thanks..... :D

0


Posted

I hope I'm not muddying the waters, with my dullness... :unsure:

I was a bit confused last night regarding what the test actually did. I've got it now, but last night I installed exdialer just because everyone was saying it's the way to fix this issue. But, after sussing this out this morning I double checked and exdialer failed (i.e. showed me my IMEI). So, uninstalled it and checked both dialerone and the stock dialer, both succeeded in only showing the USSD code.

So, maybe my stock dialer was ok the whole time and I didn't really test it correctly, last night?

Or, the act of installing dialerone, has done something to sort the problem (if that's possible)???

I've since uninstalled dialerone, and double checked the stock dialer, and it's all good now. For what it's worth I'm on the 940 repack.

0


Posted

A nice android dev has created an app to help protect against this vulnerability.

https://play.google....ulliner.telstop

Thank you very much

0


Posted (edited)

Man, there are some idiots replying to that thread. 'Community experts'? Yeah right. :blink:

Edited by Cyda
0


Posted

Good to know we are in safe hands huh?

Chuckle

0


Posted

I hope I'm not muddying the waters, with my dullness... :unsure:

I was a bit confused last night regarding what the test actually did. I've got it now, but last night I installed exdialer just because everyone was saying it's the way to fix this issue. But, after sussing this out this morning I double checked and exdialer failed (i.e. showed me my IMEI). So, uninstalled it and checked both dialerone and the stock dialer, both succeeded in only showing the USSD code.

So, maybe my stock dialer was ok the whole time and I didn't really test it correctly, last night?

Or, the act of installing dialerone, has done something to sort the problem (if that's possible)???

I've since uninstalled dialerone, and double checked the stock dialer, and it's all good now. For what it's worth I'm on the 940 repack.

I thought the point of the alternate dialler was to intercept remote access, which installing any extra dialler seems to do... instead of the code being automatically executed, you're prompted to choose a program to run it. Which for users is a simple choice if they didn't intend to run the dialler code. Did I get that wrong then?
0


Posted

Wow those voda forum people are ignorant!

1


Posted

Would be helpful if someone on unmodified b892 would post a photo (not a screenshot) showing both the G300 and the effect of visiting the proof of concept url. You'll need to blank out part of your imei in any uploaded pic.

0


Posted

I don't think they are reps, merely members with experience

0


Posted

On stock B940 doing the test does not show the IMEI number but just displays *#06# in the dialed number area.

So doesn't look like it's vulnerable.

1


MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.