USSD attack for android devices can wipe your data or also disable your SIM card

Researcher found a serious vulnerabilities(USSD) on many android devices which can wipe your data and also disable you SIM cards.
This USSD(Unstructured Supplementary Service Data) exploit can work remotely and clean all your device data. Many samsung devices are affected including, Samsung S III, Samsung Galaxy Beam, S Advance, Galaxy Ace and Galaxy S II.

Security expert Ravi Borgaonkar demonstrated this USSD attack that how it can be sent from a website, pushed to the handset by NFC, or triggered by a QR code at the Ekoparty Security Conference.

How USSD Attack Works:-
Every phone support USSDs, USSDs a special dialing codes which is used for any small task or to display any information like *06# for IMEI code, *123# to check balance, these universal codes are also USSD code. Same like every mobile device have its own USSD code for factory reset, manufacturer code etc.
So attackers embed these USSD code on webpages with tel tag. Tel tag is used to hyperlink a phone number on any pages.
So whenever you visit to any infected website, then these specific USSD code(factory reset code) forcely executes and it can reset your device. Once the code is executing on your device, you don’t have any options to stop the processing.

Post a Comment

M14 Network Inc. | Hassnain Arts