Android Dialer Vulnerability on HOX

brekfest

Here's some more information. These instructions didn't work perfectly for me though.

http://dylanreeve.posterous.com/remote-ussd-attack

I downloaded Dialer One and set it as my default dialer, which now gives me the proper *#06# rather than the IMEI number the built-in dialer does.

Hope this pushes AT&T to put out an update that also addresses the bugs from the last one.


Sent from my HTC One X using Android Central Forums
 

icebike

You don't need to worry.

http://www.androidcentral.com/ussd-test
Read the story on AC from a few days ago.

Even though the HOX will show you the IMEI, it doesn't honor the code for remote factory reset. It doesn't even honor that code if you key it in manually.

So calm down folks, no need to install alternative dialers.

Sent from my HTC One X using Tapatalk 2
 

icebike

Not a solution for us HOX users, because you need a problem first, and we don't have one.

There are no destructive USSD codes that our phones honor.

Only Samsung built in these codes. No other manufacturer was that dumb.

Sent from my HTC One X using Tapatalk 2
 

icebike

Here is more on this issue. There appears to be another way you can get hurt...

Samsung Android hole also leaves SIM cards vulnerable | PCWorld

In addition to the factory reset codes, some other codes can also be dangerous. During his presentation, Borgaonkar mentioned that the same attack can be used to "kill" SIM cards.

This is possible because of an MMI code that allows changing a SIM card's PIN (Personal Identity Number) number using the PUK (Personal Unblocking Key), Collin Mulliner, a mobile security researcher who works in the SECLAB at Northeastern University in Boston, said Tuesday via e-mail.


I don't know if the HOX is vulnerable to this or not.

This app: https://forums.androidcentral.com/e...etails?id=org.mulliner.telstop&token=TkX96quT
takes a measly 12k, and until this gets addressed in all phones, maybe the best thing is to just install it.

It appears that Lookout Mobile Security already intercepts some of these dialer codes with the latest release.
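
Added example (not part of any post above, and not the code of TelStop, Lookout or any dialer): a sketch of the check an intercepting app can apply to a `tel:` link before it reaches the dialer, passing plain numbers and holding anything that decodes to an MMI/USSD string for user confirmation. The function names and the sample markup are constructed for illustration; `*#06#` is the harmless IMEI test code mentioned in the thread.

```python
import re
from urllib.parse import unquote

# Plain subscriber number: optional "+", then digits and visual separators only.
_PLAIN_NUMBER = re.compile(r"^\+?[0-9][0-9\-\.\(\) ]*$")
# Any tel: URI appearing in markup (attribute values, link targets, frame sources).
_TEL_URI = re.compile(r"\btel:[^\"'\s<>]+", re.IGNORECASE)

def dial_string(uri):
    """Return the percent-decoded dial string of a tel: URI, or None if not tel:."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    # Drop RFC 3966 parameters (";ext=..."), then decode %2A -> "*" and %23 -> "#".
    return unquote(rest.split(";", 1)[0])

def classify(uri):
    """Classify a URI as 'not-tel', 'plain-number', 'mmi-or-ussd' or 'unknown'."""
    number = dial_string(uri)
    if number is None:
        return "not-tel"
    if "*" in number or "#" in number:
        return "mmi-or-ussd"      # must never be executed without confirmation
    if _PLAIN_NUMBER.match(number):
        return "plain-number"     # safe to pre-fill in the dialer
    return "unknown"              # unexpected characters: treat like a code

def find_risky(markup):
    """Return decoded dial strings in markup that need user confirmation."""
    risky = []
    for match in _TEL_URI.finditer(markup):
        if classify(match.group(0)) != "plain-number":
            risky.append(dial_string(match.group(0)))
    return risky

# Constructed sample page: one ordinary phone link, two encoded test codes.
SAMPLE = """
<a href="tel:+1-555-0100">Call us</a>
<iframe src="tel:*%2306%23"></iframe>
<img src="TEL:%2A%2306%23">
"""

if __name__ == "__main__":
    for code in find_risky(SAMPLE):
        print("needs confirmation:", code)
```

The decision is made on the decoded string, so a percent-encoded `*` or `#` is caught the same way as a literal one.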