This security flaw potentially allows cybercriminals to take control of millions of unprotected Android-based smartphones, essentially any device running Android 4.1.x or lower, through a text message or a QR code. After they take control, they can remotely wipe data from a user's phone.
"The ESET USSD Control application allows users to check potentially malicious phone numbers (USSD codes) before they are dialed by the default phone dialer and can block malicious websites, which abuse USSD codes associated with the vulnerability, ensuring all data on their Android phone stays safe," said Tibor Novosad, Head of the Mobile Applications Section at ESET.
The application displays a warning window every time a malicious USSD code is found, blocking the execution of the command. In order to protect smartphones from USSD attacks, the user has to set the ESET USSD Control application as a default dialer. ESET only scans USSD codes and does not store any dialed numbers.
How the USSD hack works
USSD is a code used by phone manufacturers and carriers for simple customer support. The code starts with an asterisk (*), continues with hash signs or digits representing commands or data, and ends with a hash sign (#). Entering such a code on your phone can, for example, display your device's International Mobile Equipment Identity (IMEI); the USSD code for this is *#06#. Other codes reveal different information or carry out actions, like a device reset, which gives cybercriminals the ability to delete data or reset a phone remotely by initiating such requests.
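The kind of pre-dial check described above can be sketched as follows; this is an added example, not ESET's code. It assumes the dial string may arrive as a percent-encoded `tel:` link (not stated on this page), and the names `normalize`, `classify` and `ALLOWED` are hypothetical.

```python
import re
from urllib.parse import unquote

# Format as described on this page: starts with '*', then '#' or digits, ends with '#'.
# '*' is also accepted inside the body (assumption: some codes use it as a separator).
USSD_RE = re.compile(r"^\*[0-9*#]*#$")

# Codes treated as harmless; only the IMEI query is named on the page.
ALLOWED = {"*#06#"}

def normalize(dial_string):
    """Strip a tel: scheme, percent-decode, and drop visual separators."""
    s = dial_string.strip()
    if s.lower().startswith("tel:"):
        s = s[4:]
    # Decode repeatedly so a double-encoded '%2523' cannot hide a '#'.
    for _ in range(3):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return re.sub(r"[\s\-().]", "", s)

def classify(dial_string):
    """Return 'allow', 'warn' (code not on the allow-list) or 'number'."""
    s = normalize(dial_string)
    if USSD_RE.match(s):
        return "allow" if s in ALLOWED else "warn"
    # Anything else containing '*' or '#' is not a plain number: warn, do not dial.
    if "*" in s or "#" in s:
        return "warn"
    return "number"

# Constructed sample inputs; the non-IMEI codes are placeholders, not real commands.
SAMPLES = [
    "tel:+1-555-0100",
    "tel:*%2306%23",
    "tel:*%2399999999%23",
    "*%252399999999%2523",
    "tel:*123",
]

def demo():
    return [(s, classify(s)) for s in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in demo():
        print(f"{verdict:6} {sample}")
```

Decoding before matching matters: a filter that inspects only the raw link text never sees the `#` that the dialer will receive.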
ESET is actively following up on the most recent Android-related security issues; users can regularly check for more information on the ESET Threat Blog.
ESET is on the forefront of security innovation, delivering trusted protection to make the Internet safer for businesses and consumers. IDC has recognized ESET as a top five corporate anti-malware vendor and one of the fastest growing companies in its category. Trusted by millions of users worldwide, ESET is one of the most recommended security solutions in the world. ESET NOD32 Antivirus consistently achieves the highest accolades in all types of comparative testing, and powers the virus and spyware detection in ESET Smart Security and ESET Cyber Security for Mac. ESET has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Kosice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries. For more information, visit http://www.eset.com/us or call +1 (619) 876-5400.