Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

September 28th, 2012

More Android smartphones vulnerable to vicious attack

Researchers have determined that an attack which can wipe data from Samsung Android devices when visiting a malicious website can also be used to lock the SIM cards or completely wipe all of the data from many other Android phones. In addition to web pages, the attack can be triggered through SMS, or by a rouge NFC tag or QR code.

Mobile geek Dylan Reeve explains how the attack works.  Computerworld summarizes it like this, “The attack can be launched from a Web page by loading a “tel:” URI (uniform resource identifier) with a special factory reset code inside an iframe. If the page is visited from a vulnerable device, the dialer application automatically executes the code and performs a factory reset.”

Check if your smartphone is vulnerable

Here is a way for you to check if your phone is vulnerable to this remote wipe threat: Visit http://dylanreeve.com/phone.php on your Android device, and if your phone is vulnerable, you’ll immediately see your phone’s IMEI number pop up. I checked my HTC Google Nexus One this way, and it came back as being vulnerable. Other phones reported to be affected include the HTC One X, Motorola Defy, Sony Experia Active, Sony Xperia Arc S, and the HTC Desire. Reeve says that Samsung fixed the USSD/MMI code execution issue for Galaxy S III devices, but it appears that all 4.1-based builds are safe, and some 4.0.4 builds as well.

Currently avast! Mobile Security is actively blocking URLs containing malicious code that triggers the exploit. Our Android users can expect an update containing protection against this kind of attack soon. We’ll let you know when that is released.

Edit: We are pleased to confirm that the newest update of avast! Free Mobile Security protects against USSD attacks, without installing additional tools. All you need to do is to accept the program update offered by avast! on your smartphone. Please share this message with your friends who are Android smartphone owners. They might need avast! Mobile Security too. Thank you.

  1. Gordon
    September 28th, 2012 at 22:03 | #1

    Just checked my HTC Wildfire S A510e and the IMEI number came up so hurry up with that update please avast!

  2. Tech
    September 29th, 2012 at 23:44 | #2

    It is expected soon. Stay tunned!

  3. Tech
    October 2nd, 2012 at 20:34 | #3

    Today, I’ve got an update of avast! Mobile Security.
    Is it the expected update or not?

  4. October 3rd, 2012 at 17:49 | #4

    That’s the update. Glad you got it so quickly.

  5. Gordon
    October 3rd, 2012 at 21:05 | #5

    @Deborah Salmi
    Got the update too, tried the link and avast confirmed it had blocked the USSD attempt so job well done, guys and gals. Thanks

Comments are closed.