Fix for Android USSD bug released by ESET

Vulnerability can be used to remotely wipe data from some Android devices

Tags: ESETGoogle AndroidGoogle Incorporated
  • E-Mail
Fix for Android USSD bug released by ESET The USSD bug can be used to perform a factory reset on certain Android devices.
By  Mark Sutton Published  October 3, 2012

ESET has released a fix for the USSD vulnerability that threatens certain Android-based mobile devices.

The vulnerability, which was revealed by a security researcher from the Technical University of Berlin recently, is able to use Unstructured Supplementary Service Data (USSD) to remotely wipe all data from Android handsets if a user visits a web page used to conceal the attack.

The exploit uses USSD codes, that are usually used by telecom operators for providing remote support for devices. Users may either visit a malicious URL, or be directed there by text message link or QR code.

The attack can be launched from a Web page with the hidden code, which automatically execute a factory reset on vulnerable devices.

ESET has released a free app on Google Play, ESET USSD Control, which will check for and block potentially malicious telephone numbers and sites to protect the user. The company has also released a test that users can use to check the vulnerability of their device.

"ESET USSD Control is an application that allows the user to check potentially malicious phone numbers (USSD codes) before they are dialled (executed) by the default phone dialler. It will block malicious websites as well. Checking for malicious codes before they are executed, ESET USSD Control makes sure all data on Android phone stay safe," explained Tibor Novosad, Head of Mobile Applications Section at ESET.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code