G300 ICS USSD Vulnerability


Guest dem0nx

I have no idea if there is a factory reset USSD for this; however, I can confirm that the USSD thing works on G300 phones (and most likely others). I am using a slightly different method of doing this: instead of

<frame src=

I am using <meta http-equiv="REFRESH" content="0;url=tel:*%2306%23"></HEAD>

You can test to see if your phone is vulnerable here: http://198.100.157.97/test.html

Seems it has only just been revealed in public but was discovered at least a few months ago. How serious it is depends on just what special codes the phone has. Some Android phones seem to have a "Wipe all Data" USSD code which executes immediately without asking the user for a confirm. So it is bye, bye time. Many Samsung and HTC phones seem to have been confirmed to be wipeable. Haven't tried any of the dangerous codes on my G300 to see what happens but the "safe" codes certainly work so I suspect so will any G300 specific "dangerous ones" - public or not. If anyone feels brave and has backups and deep pockets (in case you end up with a brick) then feel free to try some out. :-)

The code can be launched from any "infected" web page or by scanning QR codes with USSD telephone numbers. Could be embedded in an SMS or email as well.

Edited by Hogweed
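
An added example, not code from any poster in this thread: a scanner that flags pages which load a `tel:` URI containing `*` or `#` without a user tap, covering the meta refresh and frame `src` vectors mentioned in the first post. Treating `iframe` the same as `frame` is an assumption, and the sample page and phone number are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Tags whose src is fetched automatically (iframe is an assumption, see lead-in).
AUTO_SRC_TAGS = {"frame", "iframe"}

# Constructed sample: two auto-dial vectors plus two benign elements.
SAMPLE = """<html><head>
<meta http-equiv="REFRESH" content="0;url=tel:*%2306%23"></head><body>
<a href="tel:+441234567890">Call us</a>
<meta http-equiv="refresh" content="5;url=/home">
<iframe src="tel:*%2306%23"></iframe></body></html>"""


def is_ussd_tel(url):
    """True for a tel: URI whose percent-decoded number contains * or #."""
    url = url.strip()
    if not url.lower().startswith("tel:"):
        return False
    number = unquote(url[4:])
    return "*" in number or "#" in number


class AutoDialFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (tag, decoded tel: URI)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = None
        if tag in AUTO_SRC_TAGS:
            url = a.get("src")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0;url=tel:..." ; pull out the target URL
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", a.get("content", ""), re.I)
            url = m.group(1) if m else None
        if url and is_ussd_tel(url):
            self.findings.append((tag, unquote(url.strip())))


def scan(html):
    """Return every auto-loaded USSD-style tel: URI found in the HTML text."""
    finder = AutoDialFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for tag, uri in scan(SAMPLE):
        print(f"auto-dial via <{tag}>: {uri}")
```

An ordinary `<a href="tel:...">` link is not reported because it needs a tap, and a plain phone number with no `*` or `#` is not treated as a USSD code.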

Guest Colossae3.23

I hope I'm not muddying the waters, with my dullness... :unsure:

I was a bit confused last night regarding what the test actually did. I've got it now, but last night I installed exdialer just because everyone was saying it's the way to fix this issue. But, after sussing this out this morning I double checked and exdialer failed (i.e. showed me my IMEI). So, uninstalled it and checked both dialerone and the stock dialer, both succeeded in only showing the USSD code.

So, maybe my stock dialer was ok the whole time and I didn't really test it correctly, last night?

Or, the act of installing dialerone, has done something to sort the problem (if that's possible)???

I've since uninstalled dialerone, and double checked the stock dialer, and it's all good now. For what it's worth I'm on the 940 repack.


> I hope I'm not muddying the waters, with my dullness... :unsure:
>
> I was a bit confused last night regarding what the test actually did. I've got it now, but last night I installed exdialer just because everyone was saying it's the way to fix this issue. But, after sussing this out this morning I double checked and exdialer failed (i.e. showed me my IMEI). So, uninstalled it and checked both dialerone and the stock dialer, both succeeded in only showing the USSD code.
>
> So, maybe my stock dialer was ok the whole time and I didn't really test it correctly, last night?
>
> Or, the act of installing dialerone, has done something to sort the problem (if that's possible)???
>
> I've since uninstalled dialerone, and double checked the stock dialer, and it's all good now. For what it's worth I'm on the 940 repack.

I thought the point of the alternate dialler was to intercept remote access, which installing any extra dialler seems to do... instead of the code being automatically executed, you're prompted to choose a program to run it. Which for users is a simple choice if they didn't intend to run the dialler code. Did I get that wrong then?

Would be helpful if someone on unmodified b892 would post a photo (not a screenshot) showing both the G300 and the effect of visiting the proof of concept url. You'll need to blank out part of your imei in any uploaded pic.
