Guest Ribs85 Posted September 28, 2012 Report Share Posted September 28, 2012 (edited) Edit: this only affects those using Gingerbread (Android 2.3.7), Ice Cream Sandwich and above users (4.x and above) are not affected, basically, if you know you haven't updated Android on your device, you are probably vulnerable, and need to install Telstop. There is a vulnerability in the dialer which causes the dialer to blindly run USSID codes when the browser visits a specifically crafted link. This is the same vulnerability that the Samsung Galaxy S3 has been reportedly suffering from. To test your device: http://dylanreeve.com/phone.php if your phone shows an Imei number, then you're vulnerable. If you only see a code in the dialer, you're okay. My San Diego is sadly at risk. It's easy enough to fix yourself by installing another dialer (SEE EDIT BELOW FOR BETTER FIX) which will cause a choice dialog box to show, which you can then cancel. Advice is given in the above url. I don't know if this is being used 'in the wild' yet, but you should act now before it happens. Edit for a better fix: Install Telstop from the Google Play Market. Run the test above again, and set Telstop to be the default action when you get the choice. From now on, Telstop will 'vet' the link to make sure it's safe. If it is safe, it will proceed as normal with your normal dialler. If it thinks it's unsafe, it will warn you, so you have the choice to cancel. Edited October 6, 2012 by Ribs85 Link to comment Share on other sites More sharing options...
Guest Posted September 28, 2012 Report Share Posted September 28, 2012 (edited) Crap me too :angry: :( Using touchpal dialer and it still shows IME! Edited September 28, 2012 by Guest Link to comment Share on other sites More sharing options...
Guest iam_smithers Posted September 28, 2012 Report Share Posted September 28, 2012 Download an app called TelStop from off the Play Store, and that will stop the exploit from working. Link to comment Share on other sites More sharing options...
Guest Immortal7 Posted September 28, 2012 Report Share Posted September 28, 2012 I have installed tel stop, is that it? Instal and forget? Link to comment Share on other sites More sharing options...
Guest BlueMoonRising Posted September 29, 2012 Report Share Posted September 29, 2012 (edited) Cheers for the heads up. I can confirm that Go Dialer stops the exploit. You get the confirm which app to use option. Edit :- you don't of course set the "use this option by default" tick box, but you knew that anyway didn't you? Edited September 29, 2012 by BlueMoonRising Link to comment Share on other sites More sharing options...
Guest stephane75011 Posted September 29, 2012 Report Share Posted September 29, 2012 hi i've instaled telstop and tested the link http://dylanreeve.com/phone.php it say : telstop warning likely malicious tel:*%2306%23 is my phone still vulnerable ? sorry i'm a beginner XD Link to comment Share on other sites More sharing options...
Guest BlueMoonRising Posted September 29, 2012 Report Share Posted September 29, 2012 hi i've instaled telstop and tested the link http://dylanreeve.com/phone.php it say : telstop warning likely malicious tel:*%2306%23 is my phone still vulnerable ? sorry i'm a beginner XD Only if you're daft enough to click the "call" button rather than "cancel". Link to comment Share on other sites More sharing options...
Guest stephane75011 Posted September 29, 2012 Report Share Posted September 29, 2012 Of course i cliked cancel ^^ thanks for your fast reply Link to comment Share on other sites More sharing options...
Guest xgt001 Posted October 6, 2012 Report Share Posted October 6, 2012 Tested. The vulnerability is fixed in the latest ICS update :) Link to comment Share on other sites More sharing options...
Guest Ribs85 Posted October 6, 2012 Report Share Posted October 6, 2012 Thanks :-) Link to comment Share on other sites More sharing options...
Guest punjuk12 Posted October 6, 2012 Report Share Posted October 6, 2012 Do you think that this was why they delayed the launch, so they could fix the exploit? Link to comment Share on other sites More sharing options...
Guest xgt001 Posted October 6, 2012 Report Share Posted October 6, 2012 i think this explains the one week delay.. not too sure though Link to comment Share on other sites More sharing options...
Guest The-Bledard Posted October 7, 2012 Report Share Posted October 7, 2012 ICS Update from Xolo fixes the issue. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now