
Orange San Diego is vulnerable to the USSD exploit. Act NOW before scrotes wipe your phone

13 posts in this topic

Posted (edited)

Edit: this only affects those using Gingerbread (Android 2.3.7). Ice Cream Sandwich and above users (4.x and above) are not affected. Basically, if you know you haven't updated Android on your device, you are probably vulnerable and need to install Telstop.

There is a vulnerability in the dialer which causes the dialer to blindly run USSD codes when the browser visits a specifically crafted link. This is the same vulnerability that the Samsung Galaxy S3 has been reportedly suffering from.

To test your device:

http://dylanreeve.com/phone.php

If your phone shows an IMEI number, then you're vulnerable. If you only see a code in the dialer, you're okay. My San Diego is sadly at risk. It's easy enough to fix yourself by installing another dialer (SEE EDIT BELOW FOR BETTER FIX) which will cause a choice dialog box to show, which you can then cancel. Advice is given in the above URL.

I don't know if this is being used 'in the wild' yet, but you should act now before it happens.

Edit for a better fix: Install Telstop from the Google Play Market. Run the test above again, and set Telstop to be the default action when you get the choice. From now on, Telstop will 'vet' the link to make sure it's safe. If it is safe, it will proceed as normal with your normal dialler. If it thinks it's unsafe, it will warn you, so you have the choice to cancel.

Edited by Ribs85
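
The vetting step described in the post above can be expressed as a small check. This is an added example, not part of the thread and not Telstop's actual code: the function names and the sample page are constructed, and the only dial code used is the `tel:*%2306%23` test link quoted later in this thread.

```python
import re
from urllib.parse import unquote

# Digits plus the visual separators an ordinary phone number may contain.
_PLAIN_NUMBER = re.compile(r"^\+?[0-9 ().\-]+$")
# Any tel: URI appearing in page markup (attribute value or script text).
_TEL_IN_MARKUP = re.compile(r"""\btel:[^"'\s<>]+""", re.I)


def vet_tel_uri(uri):
    """Return (verdict, decoded_target); verdict is 'allow' or 'warn'."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "tel":
        raise ValueError("not a tel: URI: %r" % uri)
    # Percent-decode until stable so a double-encoded '%2523' cannot hide '#'.
    decoded = rest
    for _ in range(5):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return "warn", decoded          # still changing: treat as hostile
    number = decoded.split(";", 1)[0].strip()   # drop ;ext= style parameters
    # '*' and '#' are what turn a dial string into a USSD/MMI code.
    if "*" in decoded or "#" in decoded or not _PLAIN_NUMBER.match(number):
        return "warn", decoded
    return "allow", decoded


def scan_markup(html):
    """Return the decoded target of every tel: URI in html that is flagged."""
    results = (vet_tel_uri(u) for u in _TEL_IN_MARKUP.findall(html))
    return [target for verdict, target in results if verdict == "warn"]


# Constructed sample page: one ordinary number, one link carrying the
# IMEI-display test code quoted in this thread.
SAMPLE_PAGE = (
    '<a href="tel:+44%2020%207946%200000">Call the shop</a>\n'
    '<a href="tel:*%2306%23">test</a>\n'
)

if __name__ == "__main__":
    for uri in ("tel:+44%2020%207946%200000", "tel:*%2306%23", "tel:*%252306%2523"):
        print(uri, "->", vet_tel_uri(uri))
    print("flagged in page:", scan_markup(SAMPLE_PAGE))
```

A "warn" verdict corresponds to the point where the user is shown a prompt and can cancel; an "allow" verdict is the case that is passed on to the normal dialer.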

Posted (edited)

Crap me too :angry: :(

Using TouchPal dialer and it still shows IMEI!

Edited by jikobutsu

Posted

Download an app called TelStop from off the Play Store, and that will stop the exploit from working.


Posted

I have installed TelStop, is that it? Install and forget?


Posted (edited)

Cheers for the heads up. I can confirm that Go Dialer stops the exploit. You get the confirm which app to use option.

Edit :- you don't of course set the "use this option by default" tick box, but you knew that anyway didn't you?

Edited by BlueMoonRising

Posted

Hi, I've installed Telstop and tested the link http://dylanreeve.com/phone.php

It says: Telstop warning likely malicious tel:*%2306%23

Is my phone still vulnerable? Sorry, I'm a beginner XD


Posted

> Hi, I've installed Telstop and tested the link http://dylanreeve.com/phone.php
>
> It says: Telstop warning likely malicious tel:*%2306%23
>
> Is my phone still vulnerable? Sorry, I'm a beginner XD

Only if you're daft enough to click the "call" button rather than "cancel".


Posted

Of course I clicked cancel ^^

Thanks for your fast reply


Posted

Tested. The vulnerability is fixed in the latest ICS update :)


Posted

Thanks :-)


Posted

Do you think that this was why they delayed the launch, so they could fix the exploit?


Posted

I think this explains the one week delay... not too sure though


Posted

ICS Update from Xolo fixes the issue.
