USSD vulnerability

**A-android-B** · 09-27-2012, 04:45 PM

Just stumbled across this thread in the optimus s forums and it seems that someone could pull our meid or even erase our phones without any user input whatever. A simple work around is to install a second dialer app and not set a default dialer. Check this out for a test page and way more info
Sent from my LG-VM670 using Android Central Forums

**flapjack.fiasco** · 09-27-2012, 06:59 PM

What are the chances of this actually happening though?

Sent from my LG-VM670 using Tapatalk 2

**Nico72** · 09-27-2012, 07:37 PM

I tried on Opera Mobile and it won't open the dialer with that link. I'm on Bobz CM9.1 if that makes a difference. Probably some stupid script kiddy thinking he is all bad...

**sellers86** · 09-27-2012, 09:24 PM

Nico, no, its a real threat... There is a submission on the cm ics gerrit. not sure if/when it will be accepted

**cole2kb** · 09-27-2012, 11:03 PM

Who says our phones are affected? Any phone will pull up the MEID with that code. HOWEVER...just because you have a dialer code that pulls up your MEID does not mean we have one that initiates any sort of factory reset. There is no proof that our phones are vulnerable to this kind of attack.

**flapjack.fiasco** · 09-27-2012, 11:11 PM

Originally Posted by cole2kb

Who says our phones are affected? Any phone will pull up the MEID with that code. HOWEVER...just because you have a dialer code that pulls up your MEID does not mean we have one that initiates any sort of factory reset. There is no proof that our phones are vulnerable to this kind of attack.

Very true, but I think the real question is, how likely is it that someone would initiate this attack against you? I guess what I mean to say is, what's the motivation for doing this to someone? Is there anything to be gained through such an attack?

Sent from my LG-VM670 using Tapatalk 2

**cole2kb** · 09-27-2012, 11:19 PM

If you can click on one of these links, it could dial a premium number and initiate a charge on your bill, but that's one of the beauties of being pre-paid, we can't even use these services.

The worst case scenario is a factory reset, a la the Samsung phones affected. But, I have yet to find a dialer code to do that on our devices.

**nerdmastax** · 09-28-2012, 08:42 AM

reminds me of the early days with "dialer" appz.

**tvall** · 09-28-2012, 02:04 PM

I don't see any point for anyone to use this "vulnerability" in the wild for, well, anything. Its pointless. Worst case scenario is you have to restore one of your full backups (you do make these, right?)

But tomorrow I will be patching my roms against this and releasing in the usual places.

**sellers86** · 09-28-2012, 02:54 PM

Originally Posted by tvall

I don't see any point for anyone to use this "vulnerability" in the wild for, well, anything. Its pointless. Worst case scenario is you have to restore one of your full backups (you do make these, right?)

But tomorrow I will be patching my roms against this and releasing in the usual places.

it essentially does a factory reset, if it actually pertains to this phone, so that means the unfortunate user would have the recovery bootloop.

**A-android-B** · 09-28-2012, 04:54 PM

What ever the attack could or couldn't do I think I can spare the 250kb of internal space with a second dialer app that for surely can't even execute any of the ussd's. But then again this is America were so many of us walk around unarmed like bad people don't exist. There will be Guinea pigs and some bad things might happen to good people but at least I'll be a spectator and not a participant.

Sent from my LG-VM670 using Android Central Forums

**tvall** · 09-28-2012, 05:01 PM

Originally Posted by sellers86

it essentially does a factory reset, if it actually pertains to this phone, so that means the unfortunate user would have the recovery bootloop.

I completely forgot about that issue....why hasn't someone fixed that?

Sent from my LG-VM670 using Tapatalk 2

**sellers86** · 09-28-2012, 05:34 PM

Originally Posted by tvall

I completely forgot about that issue....why hasn't someone fixed that?

Sent from my LG-VM670 using Tapatalk 2

How? when it execute the factory reset it looks for the stock recovery, and flips when it doesn't find it. At least thats my theory.

**glarepate** · 09-29-2012, 01:34 PM

Originally Posted by tvall

I completely forgot about that issue....why hasn't someone fixed that?

Here is a link to a patch from last June that addresses it:

Courtesy of one of the main community support members over at Republic Wireless.

**EarthnFire78** · 09-30-2012, 03:12 PM

As of right now both MiRaGe and OM-Mandylion have the fix applied in the latest update.

**Phatninja55** · 09-30-2012, 07:41 PM

The only ussd for the v that has factory reset, is the rtn code, I believe it only works on stock/froyo roms tho, and it requires you to have your spc, and then you have to click the button to reset the phone.

**Nico72** · 10-01-2012, 08:51 PM

Originally Posted by cole2kb

If you can click on one of these links, it could dial a premium number and initiate a charge on your bill, but that's one of the beauties of being pre-paid, we can't even use these services.

The worst case scenario is a factory reset, a la the Samsung phones affected. But, I have yet to find a dialer code to do that on our devices.

That's my theory, not every single phone is the same, so it is VERY hard to hit every single combo. As far as I know, the Samsung phones all have very similar codes and such, making them the biggest target in the Android world. If they could crack the iPhone, it would be even easier.