Patch/Configuration Management, Vulnerability Management

App released for Android USSD exploit

Anti-virus vendor Avira released an app to block an unstructured supplementary service data (USSD) exploit, which could allow attackers to remotely reset phones running Android operating systems 4.1 or earlier. The vulnerability was publicized last month after Ravi Borgaonkar, a researcher at Technical University (TU) Berlin, demonstrated the flaw on a Samsung Galaxy S3 device at the Ekoparty security conference. The bug is exploited if users visit a malicious web page where the USSD code is embedded. New Zealand tech blogger Dylan Reeve said using the standard Android dialer was the issue, as it treated the USSD code like it was typed in by users trying to reset their phones. Samsung users can patch the issue with the latest Galaxy S3 software update.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.