USSD Exploit Can Lock All Android Phone SIM Cards

Răzvan STOICA

October 02, 2012

Promo Protect all your devices, without slowing them down.
Free 30-day trial
USSD Exploit Can Lock All Android Phone SIM Cards

While only a certain brand of smartphones was vulnerable to being wiped via an USSD command embedded in webpages, the locking of SIM cards is possible with most any Android phone.

The victim just needs to have the phone access a maliciously-formed “tel:” URI, such as by visiting a web page with an embedded iframe. When the mobile browser loads it, the embedded USSD command (in this case, the PIN or PUK change command) is executed, without need for confirmation from the user.

After a number of attempts using the wrong PUK, the SIM card is locked and requires a new PUK number to be re-activated.

We strongly recommend that Android users install Bitdefender USSD Wipe Stopper, which has been updated to reflect this threat scenario.

tags


Author


Răzvan STOICA

Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. Recruited by Bitdefender in 2004 to add zest to the company's online presence.

View all posts

You might also like

Bookmarks


loader