Fix for Android USSD bug released by ESET
Vulnerability can be used to remotely wipe data from some Android devices
ESET has released a fix for the USSD vulnerability that threatens certain Android-based mobile devices.
The vulnerability, which was recently revealed by a security researcher from the Technical University of Berlin, allows Unstructured Supplementary Service Data (USSD) codes to be used to remotely wipe all data from Android handsets if a user visits a web page used to conceal the attack.
The exploit uses USSD codes, which are usually used by telecom operators to provide remote support for devices. Users may either visit a malicious URL directly or be directed there by a text message link or QR code.
The attack can be launched from a web page containing the hidden code, which automatically executes a factory reset on vulnerable devices.
ESET has released a free app on Google Play, ESET USSD Control, which will check for and block potentially malicious telephone numbers and sites to protect the user. The company has also released a test that users can use to check the vulnerability of their device.
"ESET USSD Control is an application that allows the user to check potentially malicious phone numbers (USSD codes) before they are dialled (executed) by the default phone dialler. It will block malicious websites as well. Checking for malicious codes before they are executed, ESET USSD Control makes sure all data on the Android phone stays safe," explained Tibor Novosad, Head of Mobile Applications Section at ESET.