dem0nx

G300 ICS USSD Vulnerability


Stock dialer, no other dialer installed.

No wifi or any other bugs as far as I'm concerned and seems to be the fastest of the ICS roms.


Would be helpful if someone on unmodified B892 would post a photo (not a screenshot) showing both the G300 and the effect of visiting the proof of concept URL. You'll need to blank out part of your IMEI in any uploaded pic.

Sorry, can't post a photo of it but can definitely confirm 100% that totally stock unmodified B892 displays the IMEI immediately on visiting the proof of concept site.


Answered my own question.......deleted

Edited by bryfly


I thought the point of the alternate dialler was to intercept remote access, which installing any extra dialler seems to do... instead of the code being automatically executed, you're prompted to choose a program to run it. Which for users is a simple choice if they didn't intend to run the dialler code. Did I get that wrong then?

I thought that too at first, but once I chose the dialer (in the pop up) it still gave me my IMEI, which means that a USSD attack would be successful. What you want to happen is for the USSD code to show on the dialer, queued up and ready to dial. That means it's not dialling automatically. So then you would just delete (backspace) the code out of the dialer. That's how I understand it...

Edited by Colossae3.23


I thought that too at first, but once I chose the dialer (in the pop up) it still gave me my IMEI, which means that a USSD attack would be successful. What you want to happen is for the USSD code to show on the dialer, queued up and ready to dial. That means it's not dialling automatically. So then you would just delete (backspace) the code out of the dialer. That's how I understand it...

Why the hell would you choose the dialler if you didn't mean to launch it but some website had?? Forcing the choice is your 1st line of defence, surely?


You mean the pop up to choose which dialer, right? Yeah, I think you are right in that regard, because you could just back out of that choice. But when I was testing it I made exdialer default, and then retested, and it automatically showed the IMEI. So, that was no good.

So, to do what you are saying, you'd have to not make any dialer default, so you always get the choice. I get that, but I don't think that's what those articles were saying. See, the way it's working for me now is it doesn't dial that test code automatically, even if I make one of them default. The USSD code just sits there on the dialer waiting for you to push call (just like you dialled a number by hand). So you just delete it.

But all that aside, that app that Cyda posted does the trick too, and it suggests whether the code may be malicious or not. That's a nice thing to have :)

PS: @ frodo, I installed 940 with cwm, I wonder if that makes any difference?

@ redflake how did you install it? Cause neither of us have the auto dial issue

Edited by Colossae3.23


I thought that too at first, but once I chose the dialer (in the pop up) it still gave me my IMEI, which means that a USSD attack would be successful. What you want to happen is for the USSD code to show on the dialer, queued up and ready to dial. That means it's not dialling automatically. So then you would just delete (backspace) the code out of the dialer. That's how I understand it...

That's what I get with the stock dialer on stock B940. CWM install. I don't have the auto dial issue, as seen below.

[Attached image]

Edited by Redflake


That's what I get with the stock dialer on stock B940.

Yeah, that's it. That's what happens to me now. But when I tried exdialer this morning, it showed the IMEI number automatically. Now, after uninstalling that and using the stock dialer, this is what I get too. How did you install 940? Did you flash the zip in CWM, or did you do the full update method?


Dialer One will not execute the code unprompted.

Yeah, I got that with Dialer One also. My thing was I jumped the gun last night, not really understanding it all, and went and loaded both those 3rd party dialers. Thing is, it looks like my stock dialer never had the auto dial issue in the first place, just like redflake is saying.


Yeah, that's it. That's what happens to me now. But when I tried exdialer this morning, it showed the IMEI number automatically. Now, after uninstalling that and using the stock dialer, this is what I get too. How did you install 940? Did you flash the zip in CWM, or did you do the full update method?

I installed B940 with CWM. Think I used B934 update app when I first went to ICS.


I think I remember 934 waiting for me to confirm dialling. What base did you CWM over, Colossae3.23?

I have cyda's linked app too now.

Edited by fr0do


I think I remember 934 waiting for me to confirm dialling. What base did you CWM over, Colossae3.23?

I have cyda's linked app too now.

I think it's 926, that's what I jumped to from AtomicMod.

Edit: sorry, just re-read that. I was on Infusion before the CWM to 940. Pretty sure that was the 934 variety of Infusion.

Edited by Colossae3.23


Stock ICS is not vulnerable. You don't need the protection other devices are employing.


Now it has quietened down a bit, what is the best thing to do for us less experienced users…..

1) Install telstop.

2) Install dialer one.

3) It's OK, do nothing.


Well, it's just a case of doing nothing, as I will.


Summary: Almost all Android phones have a code used for changing the SIM card PIN. Call this several times with an invalid PUK code and it will lock the SIM permanently. The multiple calls can all be embedded on the one web page.

Personally I've discovered I really like Dialer One. I changed settings for colour scheme and screen layouts and I think it is much better than the stock dialler. Really like the old school (T9) way of entering a name from your contact list by just entering the first few letters on the NUMERIC keypad. Much faster for me anyway. Set as my default for now.

  • Upvote 1
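
An added example, not part of any post in this thread and not the code of the apps mentioned: a sketch of the check a dialer-intercept app can make before a web link reaches the dialer, including the several-codes-on-one-page pattern from the summary above. The function names, the allow/confirm/block policy and the sample links are assumptions made for illustration.

```python
from urllib.parse import unquote

# Characters that make a dial string an MMI/USSD code rather than a phone number.
MMI_CHARS = set("*#")
# Visual separators that carry no meaning in a dial string.
SEPARATORS = str.maketrans("", "", " -().")

def classify_tel_uri(uri):
    """Return (verdict, dial_string) for a link about to be handed to the dialer.

    verdict is 'not-tel', 'number' (fine to pre-fill) or 'mmi' (hold for the user).
    """
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return ("not-tel", "")
    # Drop tel: parameters (";ext=..."), then percent-decode: '#' arrives as %23.
    dial = unquote(rest.split(";", 1)[0]).translate(SEPARATORS)
    if MMI_CHARS & set(dial):
        return ("mmi", dial)
    return ("number", dial)

def review_page(uris):
    """Summarise all dialer links found on one page (hypothetical policy).

    More than one MMI code on a page is the repeated-call pattern the summary
    post describes, so the page is 'block'; one code is 'confirm'; none 'allow'.
    """
    codes = [dial for verdict, dial in map(classify_tel_uri, uris) if verdict == "mmi"]
    if len(codes) > 1:
        return ("block", codes)
    if codes:
        return ("confirm", codes)
    return ("allow", codes)

# Constructed sample links. *#06# is the standard IMEI display code, the
# harmless effect the testers in this thread were checking for.
SAMPLE_LINKS = [
    "tel:+44-20-7946-0000",
    "TEL:*%2306%23",
    "https://example.com/contact",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", classify_tel_uri(link))
    print("page verdict:", review_page(SAMPLE_LINKS))
```

The decoding step matters: matching on the raw link text would miss a `#` sent as `%23`, so the check runs on the string the dialer would actually receive.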
