ESET Releases ESET USSD Control To Prevent Dangerous Android Vulnerability

Security flaw allows cybercriminals to potentially take control of unprotected Android-based smartphones

October 3, 2012

3 Min Read


SAN DIEGO, Oct. 3, 2012 /PRNewswire/ -- ESET, the leader in proactive protection celebrating 25 years of its technology this year, today announced the release of a special free app, ESET USSD Control, which removes and prevents the potentially dangerous Unstructured Supplementary Service Data (USSD) vulnerability flaw in certain Android-based smartphones. ESET is one of the first major antivirus vendors to provide the fix in the form of a free stand-alone app on Google Play. After installing the app, users should check whether their smartphone is open to such attack by undergoing ESET's USSD test.

This security flaw allows cybercriminals to potentially take control of millions of unprotected Android-based smartphones, essentially any device running Android 4.1.x or lower, through a text message or a QR code. After they take control they can remotely wipe out data from a user's phone.

"The ESET USSD Control application allows users to check potentially malicious phone numbers (USSD codes) before they are dialed by the default phone dialer and can block malicious websites, which abuse USSD codes associated with the vulnerability, ensuring all data on their Android phone stays safe," said Tibor Novosad, Head of the Mobile Applications Section at ESET.

The application displays a warning window every time a malicious USSD code is found, blocking the execution of the command. In order to protect smartphones from USSD attacks, the user has to set the ESET USSD Control application as a default dialer. ESET only scans USSD codes and does not store any dialed numbers.

How the USSD hack works

USSD is a code used by phone manufacturers and carriers for simple customer support. The code starts with an asterisk (*) and continues with hashtags or digits representing commands/data, then ends with a hashtag (#). By entering these codes on your phone you can see your device's International Mobile Equipment Identity (IMEI). The USSD code for this is *#06#. Other codes reveal different information or carry out actions, like a device reset, giving cybercriminals the ability to delete data or reset a phone remotely by initiating such requests.

ESET is actively following up on the most recent Android-related security issues; users can regularly check for more information on the ESET Threat Blog.

About ESET

ESET is on the forefront of security innovation, delivering trusted protection to make the Internet safer for businesses and consumers. IDC has recognized ESET as a top five corporate anti-malware vendor and one of the fastest growing companies in its category. Trusted by millions of users worldwide, ESET is one of the most recommended security solutions in the world. ESET NOD32 Antivirus consistently achieves the highest accolades in all types of comparative testing, and powers the virus and spyware detection in ESET Smart Security and ESET Cyber Security for Mac. ESET has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Kosice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries. For more information, visit or call +1 (619) 876-5400.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights