Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Free Protection From USSD Vulnerability From ESET

ESET : 03 October, 2012  (New Product)
ESET is offering Android smartphone users free protection from malware which uses USSD codes to remotely reset devices to factory settings and wipe device data
Free Protection From USSD Vulnerability From ESET

If you use an Android phone you may have heard of something called the USSD vulnerability. This allows a nasty piece of malicious software to reset your Android to its factory default settings and permanently delete your data. We will describe the USSD problem in more detail in a moment but first we want to let you know that, because this is a particularly unpleasant case of malware destroying information, ESET has provided a free app available from Google Play to protect your Android phone from this type of attack.

The app is called ESET USSD Control. According to Tibor Novosad, Head of Mobile Applications Section at ESET: “ESET USSD Control is an application that allows the user to check potentially malicious phone numbers (USSD codes) before they are dialed (executed) by the default phone dialer. ESET USSD Control will block malicious websites [that abuse USSD codes] as well. Checking for malicious codes before they are executed, ESET USSD Control makes sure all data on an Android phone stays safe.”

The app displays a warning window each time a malicious USSD code is found, blocking the execution of the command.

In order to protect your Android smartphone from USSD attacks, you have to make sure that ESET USSD Control is set as the default dialer. Here’s how:

1 Download ESET USSD Control from Google Play and install on your Android phone.

2 Use your Android phone to visit the ESET test page.

3 When prompted to complete the action, select “Use by default for this action” and select ESET USSD Control.

Note that ESET only scans USSD code and does not store phone numbers.

The Android USSD Vulnerability

USSD is a code used by phone manufacturers and carriers for simple customer support. The letters stand for Unstructured Supplementary Service Data (USSD). The code starts with an asterisk (*) and continues with hashtags or digits representing commands/data, then ends with a hashtag (#). By entering these codes on your phone you can, for example, see your device’s IMEI (International Mobile Equipment Identity). The USSD code for this is *#06#. Other codes reveal different information or carry out actions, like a device reset.

The potential exists for a web page to instruct your phone to load a “tel:” URI (uniform resource identifier) with a special factory reset code inside an iframe. As Lucian Constantin at ComputerWorld reported, this attack was described by Ravishankar Borgaonkar, a research assistant in the Telecommunications Security department at the Technical University of Berlin, who demonstrated the remote data wiping attack during the Ekoparty security conference in Buenos Aires, Argentina.

These malicious iframes could be placed on hacked websites or specially designed sites. As you probably know, there are numerous ways to trick your smartphone into going to a website, like QR codes or NFC chips. With ESET USSD Control on your Android you won’t need to worry that such tricks will be used to wipe your phone via USSD codes.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo