Bitdefender today released a free security app called “Bitdefender USSD Wipe Stopper” that protects your Android devices from the recently revealed “USSD hack”, which can remotely factory reset your phone. Once installed, USSD Wipe Stopper keeps your device from running unauthorized USSD commands even if your Android version is vulnerable.
A few days ago, researcher Ravi Borgaonkar demonstrated a dirty USSD hack that wipes Samsung TouchWiz phones such as the Galaxy S2 and Galaxy S3. Samsung later released a patch to fix this bug on Samsung devices running 4.0.x or later. However, it was found that the hack is not limited to TouchWiz devices and affects several Android devices running anything below Android 4.1.x, aka Jelly Bean.
This USSD vulnerability would allow an attacker to remotely run USSD commands on an Android phone through a fault in the dialer, putting hundreds of thousands of Android users worldwide at risk of massive, sudden data loss.
Considering the attack’s trivial nature, using a browser’s User Agent or an iFrame to detect each Android device and serve a specific USSD code could easily be implemented even by poorly skilled coders.
The USSD attack could be delivered via a plethora of methods which include WAP Push SMS, QR Codes and even NFC. With such a broad attack vector, users should exercise extreme caution when hitting links or scanning QR codes.
If you want to know whether your device is affected by this vulnerability, visit this page (without remote wipe) offered by Ravi to see if your device executes a USSD code without dialing.
You can also check for this vulnerability with the Bitdefender USSD Wipe Stopper app, which prevents attackers from remotely wiping your Android device or causing other damage.
Install Bitdefender’s USSD Wipe Stopper to protect against such attacks. Once it is installed, when you tap on an exploit link, Bitdefender will intercept the wipe command and ask you to decide what to do next. If unsure, you may dismiss the USSD command.
“The moment the vulnerability came to light, Bitdefender set some of the best minds in the industry to working,” said Bitdefender Chief Security Researcher Alexandru Balan. “We came up with the best solution available – Bitdefender Wipe Stopper. It’s free, so we recommend pretty much every Android owner use it.”
Bitdefender Wipe Stopper, now available for free on Google Play, notifies Android users of any attempt to run a USSD command on their device, allowing them to prevent their phones from executing the malicious commands.