400 million Ice Cream Sandwich, Honeycomb and Gingerbread users urged to upgrade
Around 400 million people using Android devices are vulnerable to a new attack that wipes all data or disables phones and tablets, security experts have warned.
The very simple attack on a growing number of Android devices uses a flaw in how devices handle Unstructured Supplementary Service Data (USSD) codes, which are used to communicate with the user's service provider's computers for tasks such as call back or balance enquiries.
The attack is launched automatically if someone visits a website on which the malicious code is embedded. It affects versions of the Android operating system earlier than Jelly Bean 4.1.
The code then tricks the USSD's automatic dialler feature, which makes placing phone calls easier while the user is browsing the web.
The Android device sees this code as a phone number, which then allows the hackers to repeatedly change the PIN code in the SIM or the personal unblocking key (PUK). The attack also shows the phone's IMEI number.
There appear to be no financial motives behind this attack.
Alexandru Balan of Bitdefender said: "Most malware attacks are motivated by financial gain but not this one. The motive appears to be a prank or making life difficult for someone and it is so easy to carry out that anyone could do this and take revenge on someone."
The user will only realise this after the phone has been switched off, when they find they are unable to turn it back on because a different PIN has been set. It will also wipe all the data from Samsung devices. To use the device again the user has to get a new SIM from their service provider.
Only devices using Google's latest Android 4.1 Jelly Bean operating system are not vulnerable to this attack. There is also protection for the Samsung Galaxy S III.
However, only around two per cent of Android users have Jelly Bean, and older devices will not upgrade to this OS. These people will have to protect themselves in other ways.
Security firms have developed free protection, such as Eset's USSD Control, Bitdefender's Wipe Stopper and G Data's USSD Check, which can be downloaded from Google Play.
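The kind of check a dial-string filter can apply before the dialler acts, as an added example that is not from the article and is not the code of any tool named above. It assumes the string reaches the dialler as a `tel:` URI (the article does not say how it is delivered); `classify_dial_uri` and `should_prompt` are hypothetical names, and the sample inputs are constructed.

```python
import re
from urllib.parse import unquote

# Assumption (not stated in the article): the web page hands the dialler its
# string as a "tel:" URI, with "*" and "#" possibly percent-encoded.
_SEPARATORS = re.compile(r"[\s\-.()]")        # visual separators in numbers
_PLAIN_NUMBER = re.compile(r"\+?\d{3,15}")    # ordinary dialable number


def classify_dial_uri(uri: str) -> str:
    """Return 'number', 'ussd' or 'not-tel' for a link target."""
    # Split by hand: a generic URL parser would treat "#" as a fragment
    # marker and silently drop the end of a service code.
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "not-tel"
    # Drop RFC 3966 parameters (";ext=..."), then decode %2A / %23 once.
    dial = unquote(rest.split(";", 1)[0])
    dial = _SEPARATORS.sub("", dial)
    if _PLAIN_NUMBER.fullmatch(dial):
        return "number"
    # Anything carrying "*" or "#" is a service code, not a phone number.
    # Fail closed: empty, double-encoded or otherwise odd strings land here.
    return "ussd"


def should_prompt(uri: str) -> bool:
    """True when the dialler must ask the user instead of acting."""
    return classify_dial_uri(uri) == "ussd"


# Constructed sample inputs, not taken from any real page.
SAMPLES = [
    "tel:+44 20 7946 0000",      # ordinary number with separators
    "tel:020-7946-0000;ext=12",  # number with an RFC 3966 parameter
    "tel:*%2306%23",             # *#06# (standard show-IMEI code), encoded
    "TEL:*123#",                 # scheme case must not matter
    "tel:%2523",                 # double-encoded "#": fail closed
    "https://example.com/",      # not a dial link at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:30} -> {classify_dial_uri(sample)}")
```
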
There is more about this exploit along with a video at the Dylan Reeve website.
USSD THREAT
HTC Wildfire open to this, no upgrade likely ever! Sony Xperia Ray still waiting for upgrade for this one! Reluctant to after poor reviews, so I've installed patch and bought Bitdefender for both phones. Just proves that nowt is secure. Shame on HTC for abandoning Wildfire and shame on Sony for their buggy updates.
Posted by neil2047, 13 Oct 2012
Updates
I would update to Jelly Bean on my 1X, still waiting for HTC to release it. I've installed AV and Bitdefender's Wipe Stopper. Manufacturers should be quicker in releasing patches.
Posted by Singh1970, 16 Oct 2012