ESET Releases ESET USSD Control To Prevent Dangerous Android VulnerabilityESET Releases ESET USSD Control To Prevent Dangerous Android Vulnerability
Security flaw allows cybercriminals to potentially take control of unprotected Android-based smartphones
October 3, 2012
SAN DIEGO, Oct. 3, 2012 /PRNewswire/ -- ESET, the leader in proactive protection celebrating 25 years of its technology this year, today announced the release of a special free app, ESET USSD Control, which removes and prevents the potentially dangerous Unstructured Supplementary Service Data (USSD) vulnerability flaw in certain Android-based smartphones. ESET is one of the first major antivirus vendors to provide the fix in the form of a free stand-alone app on Google Play. After installing the app, users should check whether their smartphone is open to such attack by undergoing ESET's USSD test.
This security flaw allows cybercriminals to potentially take control of millions of unprotected Android-based smartphones, essentially any device running Android 4.1.x or lower, through a text message or a QR code. After they take control they can remotely wipe out data from a user's phone.
"The ESET USSD Control application allows users to check potentially malicious phone numbers (USSD codes) before they are dialed by the default phone dialer and can block malicious websites, which abuse USSD codes associated with the vulnerability, ensuring all data on their Android phone stays safe," said Tibor Novosad, Head of the Mobile Applications Section at ESET.
The application displays a warning window every time a malicious USSD code is found, blocking the execution of the command. In order to protect smartphones from USSD attacks, the user has to set the ESET USSD Control application as a default dialer. ESET only scans USSD codes and does not store any dialed numbers.
How the USSD hack works
USSD is a code used by phone manufacturers and carriers for simple customer support. The code starts with an asterisk (*) and continues with hashtags or digits representing commands/data, then ends with a hashtag (#). By entering these codes on your phone you can see your device's International Mobile Equipment Identity (IMEI). The USSD code for this is *#06#. Other codes reveal different information or carry out actions, like a device reset, giving cybercriminals the ability to delete data or reset a phone remotely by initiating such requests.
ESET is actively following up on the most recent Android-related security issues; users can regularly check for more information on the ESET Threat Blog.
ESET is on the forefront of security innovation, delivering trusted protection to make the Internet safer for businesses and consumers. IDC has recognized ESET as a top five corporate anti-malware vendor and one of the fastest growing companies in its category. Trusted by millions of users worldwide, ESET is one of the most recommended security solutions in the world. ESET NOD32 Antivirus consistently achieves the highest accolades in all types of comparative testing, and powers the virus and spyware detection in ESET Smart Security and ESET Cyber Security for Mac. ESET has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Kosice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries. For more information, visit http://www.eset.com/us or call +1 (619) 876-5400.
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper