Jump to content


Photo

G300 ICS USSD Vulnerability

- - - - -

  • Please log in to reply
53 replies to this topic

#1
dem0nx

dem0nx

    Newbie

  • Members
  • Pip
  • 6 posts
I have no idea if there is a factory reset USSD for this however I can confirm that the USSD thing works on G300 phones (and most likely others) I am using a slightly different method of doing this instead of
<frame src=
I am using <meta http-equiv="REFRESH" content="0;url=tel:*%2306%23"></HEAD>

You can test to see if your phone is vulnerable here : http://198.100.157.97/test.html

  • 1

#2
Hogweed

Hogweed

    Diehard

  • Members
  • PipPipPipPip
  • 392 posts
  • Devices:Huawei Ascend G300
I see...

http://securitywatch...ours-vulnerable

Ooops.

I can confirm vulnerability on Gingerbread as well - tested with Gr2 but that's the stock dialler so likely a problem in all GB ROMs. Workaround - install another app for "tel" protocol handler. See post below.

Edited by Hogweed, 25 September 2012 - 05:56 PM.

  • 1

#3
Hogweed

Hogweed

    Diehard

  • Members
  • PipPipPipPip
  • 392 posts
  • Devices:Huawei Ascend G300
Temporary workaround http://dylanreeve.po...ote-ussd-attack

Summary of workaround: Just Install Dialer One from Play Store.

Then, if a website sends the G300 self-destruct code or whatever, you will be prompted before it is actually carried out.

Edited by Hogweed, 25 September 2012 - 06:15 PM.

  • 0

#4
dem0nx

dem0nx

    Newbie

  • Members
  • Pip
  • 6 posts
That seems to have sorted it, thanks.

  • 0

#5
John Young Photos

John Young Photos

    Newbie

  • Members
  • Pip
  • 21 posts
  • Devices:Huawei G300
Not heard of this before... thanks..

So how common is this ?? Has many people been infected (not read whole article)

  • 0

#6
Davidoff59

Davidoff59

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 2,317 posts
  • Gender:Male
  • Devices:Orange San Francisco, G300
Working here on ics too.Pretty sure its just been found so none infected yet.

  • 0

#7
Hogweed

Hogweed

    Diehard

  • Members
  • PipPipPipPip
  • 392 posts
  • Devices:Huawei Ascend G300
Seems it has only just been revealed in public but was discovered at least a few months ago. How serious it is depends on just what special codes the phone has. Some Android phones seem to have a "Wipe all Data" USSD code which executes immediately without asking the user for a confirm. So it is bye, bye time. Many Samsung and HTC phones seem to have been confirmed to be wipeable. Haven't tried any of the dangerous codes on my G300 to see what happens but the "safe" codes certainly work so I suspect so will any G300 specific "dangerous ones" - public or not. If anyone feels brave and has backups and deep pockets (in case you end up with a brick) then feel free to try some out. :-)

The code can be launched from any "infected" web page or by scanning QR codes with USSD telephone numbers. Could be embedded in an SMS or email as well.

Edited by Hogweed, 25 September 2012 - 07:28 PM.

  • 0

#8
fr0do

fr0do

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,156 posts
  • Gender:Male
  • Devices:Huawei G300
Any 3rd party dialler installed intercepts the action. Just tested with dialer ex

  • 0

Posted Image


#9
mack_

mack_

    Addict

  • Members
  • PipPipPipPipPip
  • 897 posts
  • Gender:Male
  • Location:London
  • Interests:Im a techy who tests phones to the max!!
  • Devices:Xperia SP
this sucks....and even if we told huawei they would probably not try to sort it out anyway.

  • 0
I was once a noob like you.... until i bricked my G300. ^_^
If i helped you or you just like my topic/post ,give me some rep with the green button

#10
John Young Photos

John Young Photos

    Newbie

  • Members
  • Pip
  • 21 posts
  • Devices:Huawei G300
So do I just need to install "Dialer One" from play store and that will protect my phone.... any other steps needed ?

  • 0

#11
Davidoff59

Davidoff59

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 2,317 posts
  • Gender:Male
  • Devices:Orange San Francisco, G300
That's it John. its a temp workaround.

  • 0

#12
John Young Photos

John Young Photos

    Newbie

  • Members
  • Pip
  • 21 posts
  • Devices:Huawei G300

That's it John. its a temp workaround.


Thanks..... :D

  • 0

#13
Colossae3.23

Colossae3.23

    Addict

  • Members
  • PipPipPipPipPip
  • 606 posts
  • Gender:Male
  • Location:South Wales
  • Devices:Nokia Lumia 720
I hope I'm not muddying the waters, with my dullness... :unsure:

I was a bit confused last night regarding what the test actually did. I've got it now, but last night I installed exdialer just because everyone was saying its the way to fix this issue. But, after sussing this out this morning I double checked and exdialer failed (i.e. showed my my imei). So, uninstalled it and checked both dialerone and the stock dialer, both succeeded in only showing the USSD code.

So, maybe my stock dialer was ok the whole time and I didn't really test it correctly, last night?

Or, the act of installing dialerone, has done something to sort the problem (if that's possible)???

I've since uninstalled dialerone, and double checked the stock dialer, and its all good now. For what's worth I'm on the 940 repack.

  • 0

#14
Cyda

Cyda

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,448 posts
  • Gender:Male
  • Location:Wales
  • Devices:Nexus 4 & 7 running PAC
A nice android dev has created an app to help protect against this vulnerability.

https://play.google....ulliner.telstop

  • 1

#15
Colossae3.23

Colossae3.23

    Addict

  • Members
  • PipPipPipPipPip
  • 606 posts
  • Gender:Male
  • Location:South Wales
  • Devices:Nokia Lumia 720

A nice android dev has created an app to help protect against this vulnerability.

https://play.google....ulliner.telstop


diolch yn fawr

  • 0

#16
tcpaulh

tcpaulh

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,004 posts
  • Gender:Male
  • Devices:Coolpad F1, Moto G, G300
  • Twitter:@tcpaulh

  • 0

How To Provide Error Logs

 

There's a problem on KitKat with text wrap / reflow not working. Issue raised here. Please Star and Reply if you think it's a stupid regression


#17
Cyda

Cyda

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,448 posts
  • Gender:Male
  • Location:Wales
  • Devices:Nexus 4 & 7 running PAC

Oh dear. http://forum.vodafon...le/td-p/1279818

Man, there are some idiots replying to that thread. 'Community experts'? Yeah right. :blink:

Edited by Cyda, 26 September 2012 - 03:49 PM.

  • 0

#18
droiddruid

droiddruid

    Enthusiast

  • Members
  • PipPipPip
  • 210 posts
  • Gender:Male
  • Location:Newcastle, UK
Good to know we are in safe hands huh?

Chuckle

  • 0

#19
fr0do

fr0do

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,156 posts
  • Gender:Male
  • Devices:Huawei G300

I hope I'm not muddying the waters, with my dullness... :unsure:

I was a bit confused last night regarding what the test actually did. I've got it now, but last night I installed exdialer just because everyone was saying its the way to fix this issue. But, after sussing this out this morning I double checked and exdialer failed (i.e. showed my my imei). So, uninstalled it and checked both dialerone and the stock dialer, both succeeded in only showing the USSD code.

So, maybe my stock dialer was ok the whole time and I didn't really test it correctly, last night?

Or, the act of installing dialerone, has done something to sort the problem (if that's possible)???

I've since uninstalled dialerone, and double checked the stock dialer, and its all good now. For what's worth I'm on the 940 repack.

I thought the point of the alternate dialler was to intercept remote access, which installing any extra dialler seems to do... instead of the code being automatically executed, you're prompted to choose a program to run it. Which for users is a simple choice if they didn't intend to run the dialler code. Did I get that wrong then?

  • 0

Posted Image


#20
fr0do

fr0do

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,156 posts
  • Gender:Male
  • Devices:Huawei G300
Wow those voda forum people are ignorant!

  • 1

Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users