October 02, 2012

App released for Android USSD exploit

Anti-virus vendor Avira released an app to block an unstructured supplementary service data (USSD) exploit, which could allow attackers to remotely reset phones running Android operating systems 4.1 or earlier. The vulnerability was publicized last month after Ravi Borgaonkar, a researcher at Technical University (TU) Berlin, demonstrated the flaw on a Samsung Galaxy S3 device at the Ekoparty security conference. The bug is exploited if users visit a malicious web page where the USSD code is embedded. New Zealand tech blogger Dylan Reeve said using the standard Android dialer was the issue, as it treated the USSD code like it was typed in by users trying to reset their phones. Samsung users can patch the issue with the latest Galaxy S3 software update.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.