Some Android phones possible to be wiped by a link
- Thread starter air2004
- Start date
- Views 6,854
- Replies 69
The problem arises (I believe) from the fact that certain USSD codes don't require you to press dial; they will run as soon as the last digit (generally a #) is entered (try it yourself; if you type *#06# into your dialer it should pop up with your IMEI without you pressing dial). So what "should" happen is that the number is entered, but not dialled. However with these codes, entering the last digit of the number DOES dial, and in Samsung's and HTC's respective dialler apps, they don't have anything preventing that from happening when the number is coming from a browser. The stock Android dialler does, I believe. EDIT: turns out this was at a time an Android wide bug, but has been fixed in Android, the fix just hasn't filtered through to all manufacturer builds. (As well as Samsung's in their latest ROMs; if you have a fully updated GSG3, you're probably safe)
The legitimate use is for sites of businesses or whatever so they can provide a link to phone them without you having to copy a number or whatever.
Well yes, but they could just as easily do this directly from the hacked app without opening a browser. It'd require certain permissions, which would be displayed when the app is being installed, but I doubt most people read those too carefully. I'm not completely sure, but a special permission may also be required for opening a web page, although that would be less suspicious (e.g. could be for opening developer's website or something) than being able to make calls. If the device is rooted, there's even more that can be done (in fact, there's basically no limit; this is why it is particularly silly to install pirated apps if you're rooted), although it will have to ask you for root permissions (although the uploader could possibly pass that off as part of the crack, dunno if people would believe that or not though).
Don't just "be careful", take precautions; for the time being, a good workaround is to install Dialer One and set it as the default dialer for numbers from websites. In future, there may be an update from Samsung blocking the hole (it's already been done for the S3), or else the community will probably create a patch for the stock dialer app that you could install (or some other patch to prevent the hack, but maintain full functionality).
Of course, non-TouchWiz based custom ROMs should also be safe from the attack, so that's another option.
- Joined
- Nov 27, 2006
- Messages
- 6,262
- Trophies
- 1
- Location
- London
- Website
- www.youtube.com
- XP
- 651
- Country
D
Deleted-236924
Guest
- Joined
- Nov 27, 2006
- Messages
- 6,262
- Trophies
- 1
- Location
- London
- Website
- www.youtube.com
- XP
- 651
- Country
So if you use dolphin browser you won't get effected by the exploit? btw I am on 4.0.3 ICS.
Chrome is also affected. Opera Mobile locked the frame out requiring you to click on the code, but when clicked still gets launched without proper notification from android.
- Joined
- Jun 15, 2006
- Messages
- 867
- Trophies
- 0
- Age
- 33
- Location
- Clackamas, Oregon
- Website
- Visit site
- XP
- 356
- Country
Oh scary, I just went to that website on my custom rom'd ICS HTC Sensation through Dolhpin browser and it displayed my IMEI number... Gotta get on this.
You'll notice people have said this only happens with the Stock Browser.
Edit: I noticed you have seen this. I was just confused since you weren't quoting. My bad.
hatredg0d said chrome was affected, it's not though, just displays the web page
tested with stock browser and it opened the dialer, no imei displayed though
firefox also opens the dialer also but doesnt display the imei either
tested with stock browser and it opened the dialer, no imei displayed though
firefox also opens the dialer also but doesnt display the imei either
yeah yeah. Very old hole found in android back when 4.0.1 was first released. Works with any browser capable of sending data to the dial-ler. But most temps members wouldn't know since they avoid egadget and gizmodo.
It is well established as a replacement dialer app, I'd say it's safe from the aspect of saving personal information and sending it to it's servers or whatever. If you mean in terms of being exploitable, it's not vulnerable to this same exploit.
Nope. I use Dolphin and I was able to run a USSD code directly from the browser using the test page. I am convinced the flaw is in the dialer app and not the browser (although the browser may be partially at fault also, depending how it parses tel: links).
I follow both sites and read many articles on both and never heard of this before today. When it was first discovered, it was communicated to Samsung privately and not publicised. No one else seems to have heard about it prior to the announcement in the last day or two. For example, the thread about it on XDA (where there are many very knowledgeable people who would have known about it if it had be public knowledge for a long time) has no mention of it being already known about.
- Joined
- Nov 27, 2006
- Messages
- 6,262
- Trophies
- 1
- Location
- London
- Website
- www.youtube.com
- XP
- 651
- Country
I looked through all the settings and there is no such option can you explain what the hell you are talking about? and this app looks dam ugly too, when I go to my home screen and press the phone icon it still launches my default dialer app so this app really does nothing because you have to select the corresponding app to even use it :S
- No one is chatting at the moment.
-
@
Sonic Angel Knight:
Or, I also heard that if you use flash memory, it can act as more "RAM" at least windows tell me when I stick a flash drive into it. -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
K3Nv2:
I can think of the design teams process another joystick and no audio or a joystick and mono audio -
-
-
-
-
-
-
-
-
