According to the recent security analysis some of the Samsung Galaxy series android handsets potentially vulnerable to the remote wipe threat via USSD codes. Samsung Galaxy S3, Galaxy S2, Galaxy Beam, Galaxy Ace, and Galaxy S Advance phones confirmed that they contain this security threat. However other handsets can be vulnerable to this hack.
This malicious code can completely delete all the user data in your phone such as call-logs, contacts, SMS etc without user action. In-addition to that it can harm your device’s SIM card.
For instance, if you type *#06# on your keypad, after you press #, it will automatically show your device IMEI number, (no need to press the dial button), like that, if you click on that bad link, it will wipe your data without any warning.
When the user click on the malicious Unstructured Supplementary Service Data (USSD) code contain links (tel: URL), it will instantly run that USSD code in the dial pad app and wipe the phone. These links can be visible on web pages, QR code, SMS, MMS, Email or NFC.
Here’s the video demonstration.
The reason for this issue is the security hole in that affected handsets’ dialer application. However now this is not a serious issue, there’re several apps on the Google play store for stop this security threat. Which means prevent automatic dial the USSD codes.
error: Content is protected !!