James Mayes


Android dialler security flaw (and quick fix)

In Gadgets, Mobile on September 28, 2012 at 8:39 am

Noticed this one courtesy of Gareth earlier today. Flew through a couple of different sites researching and finding a fix I liked, thought I’d collate the info in one place.

There’s a recently exposed flaw on Android that allows malicious web pages to trigger URL commands automatically, without any action from you. This means a site could potentially do a number of things, including auto-dialling calls and forcing system-level commands – potentially including a factory reset.

Not all phones seem to be vulnerable – but I’m running an HTC One X with 4.0.4 on board, and mine was indeed exposed.

First up, visit this page from your device to test it. If it automatically shows the IMEI number of your device, your handset is not secure. If the dialler opens, but gives you the CHOICE of whether or not to dial, you’re fine.

A little more bouncing around found me a great fix. Erik Thauvin released a quick install called NoUSSD (available for direct download or in the Android Play Store). Install that (it’s a tiny download) and it will ensure any dial action in web pages is forced to give you the choice before the phone dials.
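The kind of check a dial-intercepting handler can make before showing its prompt, as an added example that is not from the original post and is not NoUSSD's own code. It assumes dial requests reach the handler as `tel:` URIs; the function name `review_dial_request` and the sample inputs are made up for illustration.

```python
from urllib.parse import unquote

CODE_CHARS = set("*#")       # present in USSD/MMI service codes, not in plain numbers
SEPARATORS = set(" -.()")    # visual separators allowed in written phone numbers

# Constructed sample inputs (not taken from the post).
SAMPLES = [
    "tel:+44%2020%207946%200000",   # ordinary number, spaces percent-encoded
    "tel:*%2306%23",                # *#06#, the standard show-IMEI code
    "https://example.com/",         # not a dial request
]


def review_dial_request(uri):
    """Return (action, dial_string) for a URI a page asks the phone to open.

    action is "ignore" (not a dial request), "confirm" (ask before dialling)
    or "confirm-with-warning" (ask, and say that this is a service code).
    There is deliberately no action that dials without asking.
    """
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "tel":
        return ("ignore", "")
    # Drop an optional "//" and any ";param=value" suffix.
    rest = rest.lstrip("/").split(";", 1)[0]
    # A raw "#" would start a URI fragment, so codes normally arrive as %23.
    # Decode first, otherwise the check below never sees the "#".
    dial = unquote(rest)
    dial = "".join(ch for ch in dial if ch not in SEPARATORS)
    if any(ch in CODE_CHARS for ch in dial):
        return ("confirm-with-warning", dial)
    return ("confirm", dial)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review_dial_request(sample))
```
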

Hope this is useful.
