Recently we saw a new Android vulnerability called the “USSD hack”. It allows an attacker to remotely run USSD commands on an Android phone through a fault in the dialer, which can completely wipe the data on the Android device and SIM card. This vulnerability affects any Android device running a version below Android 4.1.x (Jelly Bean).
The USSD exploit was announced by security researcher Ravi Borgaonkar in September 2012. He successfully demonstrated how an Android device could be wiped simply by opening a website containing malicious HTML code which initiated a factory reset. Although Borgaonkar disclosed the vulnerabilities to manufacturers and carriers in June 2012, many users to date still have not received a firmware patch.
Several security firms have released apps to protect users from this exploit. Recently we saw an app from Bitdefender called “USSD Wipe Stopper”, and in a similar way the well-known security firm McAfee came up with a free app called “Dialer Protection” to prevent the USSD exploit from affecting your Android phone.
However, if your device is running Jelly Bean, it is free from this vulnerability. If your device is running a version below Android 4.1, McAfee recommends you take the following steps to ensure you are protected:
- First, test whether you are vulnerable by clicking here: USSD vulnerability test
- If your IMEI (a 14- to 16-character alphanumeric code) shows up, your device is vulnerable. Otherwise, you will only see *#06# on your dialer screen.
- If your device is vulnerable, update your device with the latest software updates provided by your device manufacturer.
- If it shows you are still vulnerable, visit Google Play to download the free McAfee Dialer Protection app.
- Once installed, your device is safe from running unauthorized USSD commands even if your Android version is vulnerable.
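For site owners and filtering proxies, the same idea can be checked on the content side. The following is an added example, not code from McAfee, Bitdefender or the original article: it audits HTML for `tel:` URIs whose dial string is a USSD/MMI code rather than a phone number. It assumes the code reaches the dialer as a `tel:` URI and that any `*` or `#` in the decoded number marks a code; the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import unquote


def mmi_code(uri):
    """Return the decoded dial string if a tel: URI carries a USSD/MMI code, else None."""
    scheme, _, rest = uri.strip().partition(":")
    if scheme.lower() != "tel":
        return None
    number = unquote(rest)  # '#' and '*' usually arrive as %23 and %2A
    # Heuristic (assumption): ordinary phone numbers contain neither '*' nor '#'.
    return number if ("*" in number or "#" in number) else None


class TelAudit(HTMLParser):
    """Records (tag, attribute, code) for every attribute holding such a URI."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            code = mmi_code(value) if value else None
            if code is not None:
                self.findings.append((tag, name, code))


def audit_html(html):
    parser = TelAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup; *#06# is the harmless IMEI query used by the test above.
SAMPLE = """
<a href="tel:+15550100">Call support</a>
<a href="tel:*%2306%23">Show IMEI</a>
<a href="TEL:%2A%2306%23">Show IMEI (fully encoded)</a>
<a href="https://example.com/#top">Back to top</a>
"""

if __name__ == "__main__":
    for tag, attr, code in audit_html(SAMPLE):
        print(f"<{tag} {attr}> would pass {code!r} to the dialer")
```

Ordinary phone links and page fragments are ignored; only the two links that decode to `*#06#` are reported.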