10/3/2012
10:14 AM
Dark Reading
Products and Releases

ESET Releases ESET USSD Control To Prevent Dangerous Android Vulnerability

Security flaw allows cybercriminals to potentially take control of unprotected Android-based smartphones

SAN DIEGO, Oct. 3, 2012 /PRNewswire/ -- ESET, the leader in proactive protection celebrating 25 years of its technology this year, today announced the release of a special free app, ESET USSD Control, which removes and prevents the potentially dangerous Unstructured Supplementary Service Data (USSD) vulnerability in certain Android-based smartphones. ESET is one of the first major antivirus vendors to provide the fix in the form of a free stand-alone app on Google Play. After installing the app, users should check whether their smartphone is open to such an attack by running ESET's USSD test.

This security flaw allows cybercriminals to potentially take control of millions of unprotected Android-based smartphones, essentially any device running Android 4.1.x or lower, through a text message or a QR code. After they take control they can remotely wipe out data from a user's phone.

"The ESET USSD Control application allows users to check potentially malicious phone numbers (USSD codes) before they are dialed by the default phone dialer and can block malicious websites, which abuse USSD codes associated with the vulnerability, ensuring all data on their Android phone stays safe," said Tibor Novosad, Head of the Mobile Applications Section at ESET.

The application displays a warning window every time a malicious USSD code is found, blocking the execution of the command. In order to protect smartphones from USSD attacks, the user has to set the ESET USSD Control application as a default dialer. ESET only scans USSD codes and does not store any dialed numbers.

How the USSD hack works

USSD is a code used by phone manufacturers and carriers for simple customer support. The code starts with an asterisk (*) and continues with hashtags or digits representing commands/data, then ends with a hashtag (#). By entering these codes on your phone you can see your device's International Mobile Equipment Identity (IMEI). The USSD code for this is *#06#. Other codes reveal different information or carry out actions, like a device reset, giving cybercriminals the ability to delete data or reset a phone remotely by initiating such requests.
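A dialer-side check of the kind described above can be sketched as follows. This is an added example, not ESET's code: the function names, the confirm/reject policy, and the assumption that a dial request arrives either as a raw string or as a `tel:` URI are all hypothetical. It uses the code format given in this article and the `*#06#` IMEI code as sample input.

```python
import re
from urllib.parse import unquote

# Grammar as stated in the article: '*', then digits or '#', then a final '#'.
USSD_RE = re.compile(r"\*[0-9#]*#")
# Ordinary phone number: optional '+', then digits only (minimum of 3 is assumed).
NUMBER_RE = re.compile(r"\+?[0-9]{3,}")
# Visual separators commonly written inside phone numbers; safe to drop.
SEPARATORS = str.maketrans("", "", " -.()")


def normalize(dial_request: str) -> str:
    """Reduce a raw string or tel: URI to the characters that would be dialed."""
    s = dial_request.strip()
    if s.lower().startswith("tel:"):
        s = s[4:]
    # '#' is the fragment delimiter in a URI, so it arrives encoded as %23.
    # Decode exactly once: a doubly encoded value keeps a literal '%' and
    # therefore matches neither pattern below.
    s = unquote(s)
    return s.translate(SEPARATORS)


def classify(dial_request: str) -> str:
    """Return 'ussd', 'number' or 'other' for the normalized dial string."""
    s = normalize(dial_request)
    if USSD_RE.fullmatch(s):
        return "ussd"
    if NUMBER_RE.fullmatch(s):
        return "number"
    return "other"


def decide(dial_request: str) -> str:
    """Assumed policy: numbers dial, USSD codes wait for the user, the rest is refused."""
    policy = {"number": "dial", "ussd": "confirm", "other": "reject"}
    return policy[classify(dial_request)]


if __name__ == "__main__":
    # Constructed sample requests; *#06# is the IMEI code named in the article.
    for sample in ["tel:*%2306%23", "+1 (619) 876-5400", "tel:*%252306%2523"]:
        print(f"{sample!r:24} -> {normalize(sample)!r:16} {decide(sample)}")
```

Holding every USSD-shaped string for explicit confirmation, rather than matching against a list of known-bad codes, keeps the check independent of which codes a given handset acts on.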

ESET is actively following up on the most recent Android-related security issues; users can regularly check for more information on the ESET Threat Blog.

About ESET

ESET is on the forefront of security innovation, delivering trusted protection to make the Internet safer for businesses and consumers. IDC has recognized ESET as a top five corporate anti-malware vendor and one of the fastest growing companies in its category. Trusted by millions of users worldwide, ESET is one of the most recommended security solutions in the world. ESET NOD32 Antivirus consistently achieves the highest accolades in all types of comparative testing, and powers the virus and spyware detection in ESET Smart Security and ESET Cyber Security for Mac. ESET has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Kosice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries. For more information, visit http://www.eset.com/us or call +1 (619) 876-5400.
