|
26th September 2012, 13:19 | #11641 |
|
What a horrible, nasty bug. Tested on Jellybean, not vulnerable as said above.
http://dylanreeve.posterous.com/remote-ussd-attack Install TelStop, which adds a handler for the "tel:" URI. If that URI is used, android will prompt what app to use (which in itself is pretty good). Or install a new dialler like Dialler One (not vulnerable to this). Test link to show imei: tel:*%2306%23 Dialler will always launch. If you're vulnerable, you'll see your imei though. Last edited by sky_ : 26th September 2012 at 13:22. |
26th September 2012, 13:22 | #11642 |
|
So basically the fix is either have Jellybean or install a different dialler? I'm not sure why I care anymore.
|
26th September 2012, 13:26 | #11643 | |
|
Quote:
__________________
Weak hearts I rip. |
|
26th September 2012, 13:30 | #11644 | ||
|
Quote:
https://github.com/timrogers/rack-galaxy-s3-exploit Quote:
__________________
||hellameke.com Image host of NZG pro's||Tu meke Tu much|| |
||
26th September 2012, 13:35 | #11645 | |
|
Quote:
|
|
26th September 2012, 13:36 | #11646 | |
|
Quote:
|
|
26th September 2012, 13:38 | #11647 | |
|
Quote:
__________________
||hellameke.com Image host of NZG pro's||Tu meke Tu much|| |
|
26th September 2012, 13:47 | #11648 |
|
I don't understand? It's just a very silly way to do the attack?
|
26th September 2012, 13:48 | #11649 |
|
you used to be cool
__________________
||hellameke.com Image host of NZG pro's||Tu meke Tu much|| |
26th September 2012, 14:11 | #11650 | |
Raptus regaliter
|
Quote:
[fake edit] never mind, the link above confirms the HTC is also vulnerable, joy. Last edited by sidbo : 26th September 2012 at 14:14. |
|
26th September 2012, 14:12 | #11651 |
|
Awww, sorry =)
|
26th September 2012, 14:13 | #11652 | |
|
Quote:
Also note: the workarounds work for remote exploitation via tel: - but it can be triggered via emergency dialler. That's fixed in JellyBean too... Bring up emergency dialler and put in the code to trigger imei. If it pops up, don't leave you phone near drunken geeks. Last edited by sky_ : 26th September 2012 at 14:18. |
|
26th September 2012, 14:26 | #11653 |
|
Sidbo - does this link trigger it too?
http://dylanreeve.com/phone.php |
26th September 2012, 14:59 | #11654 |
|
Edit: nm
|
26th September 2012, 15:02 | #11655 |
Freeloader
|
|
26th September 2012, 15:04 | #11656 | |
Raptus regaliter
|
Quote:
|
|
26th September 2012, 15:16 | #11657 |
|
Ah bugger.
BaM: fucking love it =) |
26th September 2012, 15:23 | #11658 |
|
(BaM) ^ awesome
Must resist urge to post that on Facebook Last edited by Savage : 26th September 2012 at 15:26. |
26th September 2012, 15:29 | #11659 |
|
if you run chrome you are safe, the TEL uri is not handled by chrome
|
26th September 2012, 15:31 | #11660 | |
|
Quote:
__________________
ɹǝʌo sᴉ ǝɯɐƃ ʎɥʇ |
|
26th September 2012, 15:35 | #11661 | |
|
Quote:
You can trigger it via other means including SMS (WAP PUSH message), QR code (as nicely demonstrated above), NFC... bleh... |
|
26th September 2012, 15:38 | #11662 |
|
yeah it looks like it depends on your phone/dialer
my s3 w/ chrome seems to be ok, have tried a bunch of the test sites in the xda thread |
26th September 2012, 16:04 | #11663 |
|
if your phone is rooted you can remove keystring*.apk from system/app/
will stop the codes from executing but then you cant use any other codes |
26th September 2012, 16:20 | #11664 |
A mariachi ogre snorkel
|
Jesus what a clusterfuck.
|
26th September 2012, 16:32 | #11665 |
|
the guy who found the vulnerability apparently told samsung 3 months ago
so 4.0.4 ont he s3 appears to have been patched didnt tell anyone else though. gg |
26th September 2012, 16:35 | #11666 |
|
<AndroidVersionsInTheWildPieGraph.jpg>
__________________
ɹǝʌo sᴉ ǝɯɐƃ ʎɥʇ |
26th September 2012, 16:40 | #11667 |
|
a lot of the blame is with the user
if you are going to use an old unpatched operating system on the tubes you are going to have a bad time |
26th September 2012, 16:42 | #11668 | |
|
Quote:
__________________
||hellameke.com Image host of NZG pro's||Tu meke Tu much|| |
|
26th September 2012, 16:43 | #11670 | |
SLUTS!!!!!!!
|
Quote:
__________________
Slow internet is worse than no internet. It's like putting your penis in once and then being required to make out for 2 hours --Matt "The Oatmeal" Inman |
|
26th September 2012, 16:45 | #11671 |
A mariachi ogre snorkel
|
Right, off to kinkos to print a few thousand QR code stickers and go wild, brb
|
26th September 2012, 16:46 | #11672 | |
|
Quote:
i like taking snipes at apple as much as anyone, but the world is full of stupid people regardless of what brand they buy |
|
26th September 2012, 16:48 | #11673 |
SLUTS!!!!!!!
|
Telstop seems to stop it. Thanks
__________________
Slow internet is worse than no internet. It's like putting your penis in once and then being required to make out for 2 hours --Matt "The Oatmeal" Inman |
26th September 2012, 16:48 | #11674 | |
|
Quote:
__________________
||hellameke.com Image host of NZG pro's||Tu meke Tu much|| |
|
26th September 2012, 16:49 | #11675 |
|
Geniune question from a non droid user: Is every affected device eligible for a 4.0.4 upgrade? Or are some screwed.
__________________
ɹǝʌo sᴉ ǝɯɐƃ ʎɥʇ |
26th September 2012, 16:50 | #11676 | |
Nothing to See Here!
|
Quote:
|
|
26th September 2012, 16:52 | #11677 | ||
|
Quote:
Quote:
Last edited by blur^ : 26th September 2012 at 16:53. |
||
26th September 2012, 16:57 | #11678 |
Freeloader
|
Cool, because everyone is going to know or care enough to do that.
End result: there are going to be a fuckload of pissed off Android users out there. |
26th September 2012, 16:59 | #11679 | ||
Nothing to See Here!
|
Quote:
Right, let's see if you can flash one to JB. http://forum.xda-developers.com/show....php?t=1742757 Quote:
|
||
26th September 2012, 17:00 | #11680 | |
|
Quote:
__________________
||hellameke.com Image host of NZG pro's||Tu meke Tu much|| |
|