Almost all Android-based smartphones are affected by a dangerous Android USSD vulnerability. The USSD vulnerability allows a malicious user to completely wipe your Android phone remotely, either by directing you to a URL, or through a text message, QR code or NFC tag that links to the malicious website.
USSD (Unstructured Supplementary Service Data) codes (a code starting with an asterisk *, continuing with hash signs # or digits, which represent commands or data, and ending with a hash sign) are normally used by handsets to communicate with carriers. A common USSD code used by all handsets is *#06#, which displays the IMEI number of your device.
The Android USSD vulnerability was first highlighted by Ravi Borgaonkar, a research assistant in the Telecommunications Security department at the Technical University of Berlin, at the Ekoparty security conference in Buenos Aires, Argentina, where he successfully hacked a Samsung Galaxy S III using the vulnerability.
Samsung has already released a patch for Galaxy S3 phones. It was later found that a number of other Android smartphones are also vulnerable to this bug, and more details about the hack were later released on the XDA Developers forum. Now that Samsung has released the patch, Galaxy S3 users are protected, but all other Android smartphone users are still vulnerable.
How To Protect Your Android Smartphone From The USSD Vulnerability?
For Android devices that may no longer receive any update or patch from the manufacturer, security firm ESET has released a freeware app called ESET USSD Control that protects against the USSD vulnerability; it is available for download from the Google Play Store.
According to Tibor Novosad, Head of Mobile Applications Section at ESET, “ESET USSD Control is an application that allows the user to check potentially malicious phone numbers (USSD codes) before they are dialed (and run) by the default phone dialer. ESET USSD Control will block malicious websites that use malicious USSD codes as well. Checking for malicious codes before they are executed, ESET USSD Control makes sure all data on an Android phone stays safe.”
You need to set ESET USSD Control as your default dialer so that it can protect you. The app displays a warning window each time a malicious USSD code is found and blocks the execution of the command.
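The pre-dial check described above, sketched as an added example (this is not ESET's code and not part of the original article). It assumes dial requests arrive as raw strings or tel: URIs and takes its USSD grammar from the article's description; the function names and sample inputs are hypothetical.

```python
import re
from urllib.parse import unquote

# Grammar from the article: starts with "*", continues with "#" or digits,
# ends with "#". An interior "*" is also accepted (assumption: matching a
# little more than the article's wording is the safer choice for a filter).
USSD_CODE = re.compile(r"\*[0-9#*]*#")
PLAIN_NUMBER = re.compile(r"\+?[0-9]{3,15}")
SEPARATORS = re.compile(r"[\s\-().]")


def normalize(dial_request: str) -> str:
    """Reduce a dial request to the characters the dialer would act on."""
    text = dial_request.strip()
    if text.lower().startswith("tel:"):   # assumption: requests may be tel: URIs
        text = text[4:]
    # "#" is normally percent-encoded (%23) inside a URL; decode once before matching.
    text = unquote(text)
    return SEPARATORS.sub("", text)


def classify(dial_request: str) -> str:
    """Return 'ussd', 'phone' or 'unknown' for a dial request."""
    number = normalize(dial_request)
    if USSD_CODE.fullmatch(number):
        return "ussd"
    if PLAIN_NUMBER.fullmatch(number):
        return "phone"
    return "unknown"


def decide(dial_request: str) -> str:
    """Only plain phone numbers reach the dialer without a warning."""
    return "dial" if classify(dial_request) == "phone" else "warn_and_block"


# Constructed sample inputs; *#06# is the IMEI code the article mentions.
SAMPLES = ["*#06#", "tel:*%2306%23", "tel:+1 (555) 010-0199", "*%252306%2523"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} {classify(sample):8} {decide(sample)}")
```

Anything that is neither a recognised USSD code nor a plain number, such as the double-encoded last sample, is also held back rather than dialed.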
Now that most Android users have no option to patch their devices, they can only use a preventive app like ESET USSD Control to protect them.