Thread ID: 126949 2012-09-26 09:27:00 WARNING for all ANDROID users - be careful what you do or go. wainuitech (129) PC World Chat
Post ID Timestamp Content User
1303502 2012-09-26 11:15:00 Yes I did and it came across as the usual doomsday caper. For one I couldn't really care what Sophos says and I also started to research the other guys mentioned but decided it wasn't worth the effort. I always think who has an axe to grind when something like this pops up. Apple? plod (107)
1303503 2012-09-26 11:30:00 For those interested this site here dylanreeve.com will test to see if your phone auto dials numbers. The code on this site will cause Samsung phones to display the IMEI number (if vulnerable) or just leave you on the dialler if not.

AOKP Preview 5.1 For i9100 NOT Vulnerable

Not sure if the above page will work for other phones, no harm in trying, obviously it won't show the IMEI but see if it attempts to dial the number or not.

Happy hacking and stay safe (you too plod)
The Error Guy (14052)
1303504 2012-09-26 11:42:00 For those interested this site here dylanreeve.com will test to see if your phone auto dials numbers. The code on this site will cause Samsung phones to display the IMEI number (if vulnerable) or just leave you on the dialler if not.

AOKP Preview 5.1 For i9100 NOT Vulnerable

Not sure if the above page will work for other phones, no harm in trying, obviously it won't show the IMEI but see if it attempts to dial the number or not.

Happy hacking and stay safe (you too plod)

It displayed it on my HTC
plod (107)
1303505 2012-09-26 11:43:00 apple?
+MS
mikebartnz (21)
1303506 2012-09-26 11:49:00 +MS

Don't forget ya tinfoil hat
plod (107)
1303507 2012-09-26 14:22:00 On my One X running CM10 it just takes me to the Dialer but doesn't *actually* dial anything, just has *#06# shown. If you push the "call" it doesn't work, you'd have to delete the # then try again.

I was having a good play all afternoon with it, trying out varying things. Still, I posted on G+ warning a few people I know with the Galaxy S3 etc.
Tried on my father's iPhone (iOS 5.1.1) at dinner tonight too, nothing happened for him, the "tel:" URI is apparently not recognized?

I wonder how many older model phones are affected by this?
Chilling_Silence (9)
1303508 2012-09-26 21:27:00 I wonder how many older model phones are affected by this?

I would assume a lot of dumb phones. This isn't a problem around USSD debugging but around clicking a link that activates the dialler APIs on the device (such as phone numbers or specially crafted pages). Normally when an "active number" is activated the phone automatically dials and rings it, in the same way when you click on a hyperlink the browser takes you to the page rather than putting the URL in the address bar and waiting for the user to activate the control.

When you look at it the news is about as serious as finding out malicious websites give you viruses.

So the problem isn't with Samsung's lack of security, but more in the way they handle dialler requests and the fact that the factory reset USSD has no confirmation, much like a lot of CLI don't prompt for confirmation if used for advanced debugging since it's assumed that if you type the code you know what you're doing.
The Error Guy (14052)
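An added example, not part of the thread or of any poster's code: a defender-side scanner that finds `tel:` URIs in a page's HTML and separates ordinary click-to-call links from handset codes (strings containing `*` or `#`, such as the `*#06#` discussed above), noting whether the page loads them without a tap. The names `TelScanner`, `scan` and `AUTO_LOAD`, the set of auto-loading attributes, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote
import re

# Tag/attribute pairs a browser fetches on its own, with no tap from the user
# (assumed list for this example).
AUTO_LOAD = {("iframe", "src"), ("frame", "src"), ("img", "src"),
             ("embed", "src"), ("object", "data")}

class TelScanner(HTMLParser):
    """Collects tel: URIs and rates them by content and by trigger."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (rating, tag, decoded dial string)

    def _check(self, tag, value, auto):
        value = (value or "").strip()
        if not value.lower().startswith("tel:"):
            return
        dial = unquote(value[4:])            # %23 -> '#', %2A -> '*'
        is_code = "*" in dial or "#" in dial  # handset code, not a plain number
        rating = ("auto" if auto else "click") + "-" + ("code" if is_code else "number")
        self.findings.append((rating, tag, dial))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name, value in attrs:
            if (tag, name) in AUTO_LOAD:
                self._check(tag, value, auto=True)
            elif tag == "a" and name == "href":
                self._check(tag, value, auto=False)
        # <meta http-equiv="refresh"> navigates by itself after a delay.
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", a.get("content") or "", re.I)
            if m:
                self._check(tag, m.group(1), auto=True)

def scan(html):
    """Return the list of (rating, tag, dial string) findings for a page."""
    s = TelScanner()
    s.feed(html)
    s.close()
    return s.findings

# Constructed sample page; the phone number is made up.
SAMPLE = """<a href="tel:+6445550100">Call us</a>
<a href="tel:*%2306%23">Show IMEI</a>
<iframe src="tel:*%2306%23"></iframe>
<meta http-equiv="refresh" content="0; url=tel:*%2306%23">"""
```

Only `auto-code` findings correspond to the behaviour argued about in this thread; `click-number` is the normal click-to-call case.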
1303509 2012-09-26 23:06:00 My Galaxy S is currently back on stock 2.3.3 and it's vulnerable, first time the dialler popped up but no IMEI. Tried again and it popped up with the IMEI.
But I'm not worried at all, first I'd have to have the bad luck to happen across a site that uses the exploit (very unlikely, I don't do much browsing on a 4" screen)
and even then what's the worst that can happen? I've reset the phone myself numerous times lately.

If you save your contacts to your google account then all you can lose is any installed apps or personal files on the phone, and even then a factory reset doesn't touch the SD card. It's not hard to reinstall whatever apps you like, and I now have mine duplicated on my Wi-Fi only android tablet so there's really no risk for me.

Currently contemplating trying Jelly Bean again, if I do it'll be interesting to see if the vulnerability goes away.

My Advice - no matter what device you use or what OS it runs, you should NEVER have only one copy of critical data stored on one device. There is always the potential to lose it. Here's an example, I use the app "Pocket" to store passwords and login details for work because I have a lot of them to keep track of, it's possible to do a secure backup from within the app but I've never bothered. Then I reset my phone and re-installed everything, guess what happened next time I needed to log into something?
dugimodo (138)
1303510 2012-09-26 23:16:00 Currently contemplating trying Jelly Bean again, if I do it'll be interesting to see if the vulnerability goes away.

4.1.1 on my S3 is *not* vulnerable.
inphinity (7274)
1303511 2012-09-27 01:38:00 My One-V appears to be vulnerable. wratterus (105)