1. A-android-B's Avatar
    Just stumbled across this thread in the optimus s forums and it seems that someone could pull our meid or even erase our phones without any user input whatever. A simple work around is to install a second dialer app and not set a default dialer. Check this out for a test page and way more info http://dylanreeve.posterous.com/remote-ussd-attack
    Sent from my LG-VM670 using Android Central Forums
    09-27-2012 04:45 PM
  2. flapjack.fiasco's Avatar
    What are the chances of this actually happening though?

    Sent from my LG-VM670 using Tapatalk 2
    09-27-2012 06:59 PM
  3. Nico72's Avatar
    I tried on Opera Mobile and it won't open the dialer with that link. I'm on Bobz CM9.1 if that makes a difference. Probably some stupid script kiddy thinking he is all bad...
    09-27-2012 07:37 PM
  4. sellers86's Avatar
    Nico, no, its a real threat... There is a submission on the cm ics gerrit. not sure if/when it will be accepted
    speakxj7 likes this.
    09-27-2012 09:24 PM
  5. cole2kb's Avatar
    Who says our phones are affected? Any phone will pull up the MEID with that code. HOWEVER...just because you have a dialer code that pulls up your MEID does not mean we have one that initiates any sort of factory reset. There is no proof that our phones are vulnerable to this kind of attack.
    glarepate and Nico72 like this.
    09-27-2012 11:03 PM
  6. flapjack.fiasco's Avatar
    Who says our phones are affected? Any phone will pull up the MEID with that code. HOWEVER...just because you have a dialer code that pulls up your MEID does not mean we have one that initiates any sort of factory reset. There is no proof that our phones are vulnerable to this kind of attack.
    Very true, but I think the real question is, how likely is it that someone would initiate this attack against you? I guess what I mean to say is, what's the motivation for doing this to someone? Is there anything to be gained through such an attack?

    Sent from my LG-VM670 using Tapatalk 2
    09-27-2012 11:11 PM
  7. cole2kb's Avatar
    If you can click on one of these links, it could dial a premium number and initiate a charge on your bill, but that's one of the beauties of being pre-paid, we can't even use these services.

    The worst case scenario is a factory reset, a la the Samsung phones affected. But, I have yet to find a dialer code to do that on our devices.
    glarepate and ThatGuyLurkin like this.
    09-27-2012 11:19 PM
  8. nerdmastax's Avatar
    reminds me of the early days with "dialer" appz.
    09-28-2012 08:42 AM
  9. tvall's Avatar
    I don't see any point for anyone to use this "vulnerability" in the wild for, well, anything. Its pointless. Worst case scenario is you have to restore one of your full backups (you do make these, right?)

    But tomorrow I will be patching my roms against this and releasing in the usual places.
    glarepate and A-android-B like this.
    09-28-2012 02:04 PM
  10. sellers86's Avatar
    I don't see any point for anyone to use this "vulnerability" in the wild for, well, anything. Its pointless. Worst case scenario is you have to restore one of your full backups (you do make these, right?)

    But tomorrow I will be patching my roms against this and releasing in the usual places.
    it essentially does a factory reset, if it actually pertains to this phone, so that means the unfortunate user would have the recovery bootloop.
    09-28-2012 02:54 PM
  11. A-android-B's Avatar
    What ever the attack could or couldn't do I think I can spare the 250kb of internal space with a second dialer app that for surely can't even execute any of the ussd's. But then again this is America were so many of us walk around unarmed like bad people don't exist. There will be Guinea pigs and some bad things might happen to good people but at least I'll be a spectator and not a participant.

    Sent from my LG-VM670 using Android Central Forums
    09-28-2012 04:54 PM
  12. tvall's Avatar
    it essentially does a factory reset, if it actually pertains to this phone, so that means the unfortunate user would have the recovery bootloop.
    I completely forgot about that issue....why hasn't someone fixed that?

    Sent from my LG-VM670 using Tapatalk 2
    09-28-2012 05:01 PM
  13. sellers86's Avatar
    I completely forgot about that issue....why hasn't someone fixed that?

    Sent from my LG-VM670 using Tapatalk 2
    How? when it execute the factory reset it looks for the stock recovery, and flips when it doesn't find it. At least thats my theory.
    09-28-2012 05:34 PM
  14. glarepate's Avatar
    I completely forgot about that issue....why hasn't someone fixed that?
    Here is a link to a patch from last June that addresses it:

    https://android.googlesource.com/pla...edb80c388%5E!/

    Courtesy of one of the main community support members over at Republic Wireless.
    09-29-2012 01:34 PM
  15. EarthnFire78's Avatar
    As of right now both MiRaGe and OM-Mandylion have the fix applied in the latest update.
    09-30-2012 03:12 PM
  16. Phatninja55's Avatar
    The only ussd for the v that has factory reset, is the rtn code, I believe it only works on stock/froyo roms tho, and it requires you to have your spc, and then you have to click the button to reset the phone.
    bkttk2 likes this.
    09-30-2012 07:41 PM
  17. Nico72's Avatar
    If you can click on one of these links, it could dial a premium number and initiate a charge on your bill, but that's one of the beauties of being pre-paid, we can't even use these services.

    The worst case scenario is a factory reset, a la the Samsung phones affected. But, I have yet to find a dialer code to do that on our devices.
    That's my theory, not every single phone is the same, so it is VERY hard to hit every single combo. As far as I know, the Samsung phones all have very similar codes and such, making them the biggest target in the Android world. If they could crack the iPhone, it would be even easier.
    10-01-2012 08:51 PM

Similar Threads

  1. Vulnerability: Remote USSD Attack
    By darkavenger in forum LG Optimus S Rooting, ROMs, and Hacks
    Replies: 19
    Last Post: 10-06-2012, 11:23 PM
  2. Skype for Android Vulnerability!!! READ!
    By deeznuts2 in forum Verizon HTC Thunderbolt
    Replies: 17
    Last Post: 04-16-2011, 08:38 AM
  3. QCodes - ussd requests application
    By Solvek in forum Android Apps
    Replies: 0
    Last Post: 12-07-2010, 04:53 AM
  4. vulnerable after rooting?
    By droidandme in forum AT&T Captivate Rooting, ROMs, and Hacks
    Replies: 1
    Last Post: 08-03-2010, 05:16 PM
  5. EVO Vulnerabilities
    By barko12 in forum HTC EVO 4G
    Replies: 20
    Last Post: 06-04-2010, 06:22 AM
LINK TO POST COPIED TO CLIPBOARD