Guest Davidoff59 Posted September 26, 2012
Is that on stock dialler with no other dialler installed? B940 has bugs with wifi doesn't it, amongst other bugs?

Guest Redflake Posted September 26, 2012
Stock dialer, no other dialer installed. No wifi or any other bugs as far as I'm concerned and seems to be the fastest of the ICS roms.

Guest fr0do Posted September 26, 2012
I'm on stock B940, full update. Failed test. (no issues with wifi here either)

Guest Al_1604 Posted September 26, 2012
> Would be helpful if someone on unmodified b892 would post a photo (not a screenshot) showing both the G300 and the effect of visiting the proof of concept url. You'll need to blank out part of your imei in any uploaded pic.

Sorry, can't post a photo of it but can definitely confirm 100% that totally stock unmodified B892 displays the IMEI immediately on visiting the proof of concept site.

Guest bryfly Posted September 26, 2012 (edited)
Answered my own question.......deleted
Edited September 26, 2012 by bryfly

Guest Colossae3.23 Posted September 26, 2012 (edited)
> I thought the point of the alternate dialler was to intercept remote access, which installing any extra dialler seems to do... instead of the code being automatically executed, you're prompted to choose a program to run it. Which for users is a simple choice if they didn't intend to run the dialler code. Did I get that wrong then?

I thought that too at first but once I choose the dialer (in the pop up) it still gave me my imei, which means that an USSD attack would be successful. What you want to happen is for the USSD code to show on dialer, queued up and ready to dial. That means it's not dialling automatically. So then you would just delete (backspace) the code out of the dialer. That's how I understand it...
Edited September 26, 2012 by Colossae3.23

Guest fr0do Posted September 26, 2012
> I thought that too at first but once I choose the dialer (in the pop up) it still gave me my imei, which means that an USSD attack would be successful. What you want to happen is for the USSD code to show on dialer, queued up and ready to dial. That means it's not dialling automatically. So then you would just delete (backspace) the code out of the dialer. That's how I understand it...

Why the hell would you choose the dialler if you didn't mean to launch it but some website had?? Forcing the choice is your 1st line of defence surely?

Guest b4da55 Posted September 26, 2012
So viber or anything that forces the option will alert you

Guest Colossae3.23 Posted September 26, 2012 (edited)
You mean the pop up to choose which dialer, right? Yeah, I think you are right in that regard, because you could just back out of that choice. But, when I was testing it I made exdialer default, and then retested and it automatically showed the imei. So, that was no good. So, to do what you are saying, you'd have to not make any dialer default, so you always get the choice. I get that, but I don't think that's what those articles were saying.

See, the way it's working for me now, is it doesn't dial that test code automatically, even if I make one of them default. The USSD code just sits there on the dialer waiting for you to push call (just like you dialled a number by hand). So you just delete it. But all that aside, that app that Cyda posted does the trick too, and it suggests whether the code may be malicious or not. That's a nice thing to have :)

PS: @ frodo, I installed 940 with cwm, I wonder if that makes any difference? @ redflake how did you install it? Cause neither of us have the auto dial issue
Edited September 26, 2012 by Colossae3.23

Guest Redflake Posted September 26, 2012 (edited)
> I thought that too at first but once I choose the dialer (in the pop up) it still gave me my imei, which means that an USSD attack would be successful. What you want to happen is for the USSD code to show on dialer, queued up and ready to dial. That means it's not dialling automatically. So then you would just delete (backspace) the code out of the dialer. That's how I understand it...

That's what I get with the stock dialer on stock B940. CWM install. I don't have the auto dial issue as seen below.
Edited September 26, 2012 by Redflake

Guest Colossae3.23 Posted September 26, 2012
> That's what I get with the stock dialer on stock B940.

Yeah that's it. That's what happens to me now. But, when I tried exdialer this morning, it showed the imei number automatically. Now after uninstalling that and using the stock dialer, this is what I get too. How did you install 940? Did you flash the zip in cwm, or did you do the full update method?

Guest Hogweed Posted September 26, 2012
Dialer One will not execute the code unprompted.

Guest Colossae3.23 Posted September 26, 2012
> Dialer One will not execute the code unprompted.

Yeah I got that with Dialer One, also. My thing was I jumped the gun last night not really understanding it all, and went and loaded both those 3rd party dialers. Thing is, it looks like my stock dialer never had the auto dial issue in the first place, just like redflake is saying.

Guest Redflake Posted September 26, 2012
> Yeah that's it. That's what happens to me now. But, when I tried exdialer this morning, it showed the imei number automatically. Now after uninstalling that and using the stock dialer, this is what I get too. How did you install 940? Did you flash the zip in cwm, or did you do the full update method?

I installed B940 with CWM. Think I used B934 update app when I first went to ICS.

Guest fr0do Posted September 26, 2012 (edited)
I think I remember 934 waiting for me to confirm dialling. What base did you cwm over, Colossae3.23? I have cyda's linked app too now.
Edited September 26, 2012 by fr0do

Guest Colossae3.23 Posted September 27, 2012 (edited)
> I think I remember 934 waiting for me to confirm dialling. What base did you cwm over, Colossae3.23? I have cyda's linked app too now.

I think it's 926, that's what I jumped to, from AtomicMod.

Edit: sorry, just re-read that. I was on Infusion before the cwm to 940. Pretty sure that was the 934 variety of Infusion.
Edited September 27, 2012 by Colossae3.23

Guest Dazzozo Posted September 27, 2012
Stock ICS is not vulnerable. You don't need the protection other devices are employing.

Guest tcpaulh Posted September 27, 2012
It'll show imei (for example) in ics but I haven't found any destructive codes. Anyone else?

Guest CIM1 Posted September 27, 2012
How do you get a list of implemented USSD codes for a specific phone ROM?

Guest tcpaulh Posted September 27, 2012
Top down, from Google. Bottom up, don't know.

Guest bryfly Posted September 28, 2012
Now it has quietened down a bit, what is the best thing to do for us less experienced users…..
1) Install telstop.
2) Install dialer one.
3) It's ok, do nothing.

Guest wrtease Posted September 28, 2012
Well it's just a case of doing nothing, as I will.

Guest tcpaulh Posted September 28, 2012
http://m.itworld.com/security/298784/ussd-attack-not-limited-samsung-android-devices-can-also-kill-sim-cards?page=0,1

Guest Hogweed Posted September 28, 2012
> http://m.itworld.com...-cards?page=0,1

Summary: Almost all Android phones have a code used for changing the SIM card PIN. Call this several times with an invalid PUK code and it will lock the SIM permanently. The multiple calls can all be embedded on the one web page.

Personally I've discovered I really like Dialer One. I changed settings for colour scheme and screen layouts and I think it is much better than the stock dialler. Really like the old school (T9) way of entering a name from your contact list by just entering the first few letters on the NUMERIC keypad. Much faster for me anyway. Set as my default for now.

Guest tcpaulh Posted September 28, 2012
The guy who found the exploit has published more details: http://www.isk.kth.se/~rbbo/ussdvul.html

Upshot: It seems all android phones can have their sim cards deactivated permanently in a couple of seconds by visiting a malicious url

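
An added example, not part of any post in this thread: a small page scanner for the behaviour Hogweed's summary and Colossae3.23's posts describe, flagging `tel:` URIs that carry a USSD/MMI code (`*` or `#`) in an element the browser loads without a tap. The `AUTO_LOAD` list, the verdict names and the sample page are assumptions made for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import unquote
import re

# Elements a browser fetches without a tap (an assumption of this sketch).
AUTO_LOAD = {("iframe", "src"), ("frame", "src"), ("img", "src"),
             ("embed", "src"), ("object", "data")}
MMI_CHARS = re.compile(r"[*#]")  # characters that mark a USSD/MMI code
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)

class TelUriScanner(HTMLParser):
    """Collect tel: URIs and note whether each one loads without a tap."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, decoded_number, auto_load, has_mmi)

    def _record(self, tag, uri, auto):
        if not uri.strip().lower().startswith("tel:"):
            return
        number = unquote(uri.strip()[4:])  # %23 -> '#', %2A -> '*'
        self.findings.append((tag, number, auto, bool(MMI_CHARS.search(number))))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(a.get("content", ""))
            if m:
                self._record(tag, m.group(1), True)
            return
        for name, value in a.items():
            if name in ("src", "href", "data"):
                self._record(tag, value, (tag, name) in AUTO_LOAD)

def scan(html):
    """Return (verdict, findings); 'block' means an MMI code loads by itself."""
    p = TelUriScanner()
    p.feed(html)
    p.close()
    risky = [f for f in p.findings if f[2] and f[3]]
    if risky:
        return "block", risky
    return ("review" if any(f[3] for f in p.findings) else "ok"), p.findings

# Constructed sample page; *#06# is the IMEI-display code tested in the thread.
SAMPLE = """<html><body>
<a href="tel:+441632960000">Call us</a>
<iframe src="tel:*%2306%23"></iframe>
<frame src="tel:*%2306%23">
</body></html>"""
```

A page that repeats the same code in several auto-loading elements shows up as several entries in the `block` findings, which is the "multiple calls on one page" pattern from the summary above.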