October 02, 2012

App released for Android USSD exploit

Anti-virus vendor Avira released an app to block an unstructured supplementary service data (USSD) exploit, which could allow attackers to remotely reset phones running Android operating systems 4.1 or earlier. The vulnerability was publicized last month after Ravi Borgaonkar, a researcher at Technical University (TU) Berlin, demonstrated the flaw on a Samsung Galaxy S3 device at the Ekoparty security conference. The bug is exploited if users visit a malicious web page where the USSD code is embedded. New Zealand tech blogger Dylan Reeve said using the standard Android dialer was the issue, as it treated the USSD code like it was typed in by users trying to reset their phones. Samsung users can patch the issue with the latest Galaxy S3 software update.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.