The great combined Smrtphone OS thread

[sky_]

What a horrible, nasty bug. Tested on Jellybean, not vulnerable as said above.

http://dylanreeve.posterous.com/remote-ussd-attack


Install TelStop, which adds a handler for the "tel:" URI. If that URI is used, android will prompt what app to use (which in itself is pretty good).

Or install a new dialler like Dialler One (not vulnerable to this).

Test link to show imei: tel:*%2306%23
Dialler will always launch. If you're vulnerable, you'll see your imei though.

[TnT]

So basically the fix is either have Jellybean or install a different dialler? I'm not sure why I care anymore.

[Spink]

Quote:

Originally Posted by p01s0n

um android is the OS for that demographic where 'poors' overlaps with 'idiots'

I can confirm this is true, I saw an infographic about it.

[p01s0n]

Quote:

Originally Posted by sky_

What a horrible, nasty bug. Tested on Jellybean, not vulnerable as said above.

http://dylanreeve.posterous.com/remote-ussd-attack


Install TelStop, which adds a handler for the "tel:" URI. If that URI is used, android will prompt what app to use (which in itself is pretty good).

Or install a new dialler like Dialler One (not vulnerable to this).

Test link to show imei: tel:*%2306%23
Dialler will always launch. If you're vulnerable, you'll see your imei though.

what about this loller?
https://github.com/timrogers/rack-galaxy-s3-exploit

Quote:

rack-galaxy-s3-exploit is a Rack middleware which adds the code on every page to activate an exploit for (at least some) Samsung Galaxy S3 devices (and perhaps others) which causes them to be returned to factory settings.

[sky_]

Quote:

Originally Posted by p01s0n

what about this loller?
https://github.com/timrogers/rack-galaxy-s3-exploit

What about it?

[sky_]

Quote:

Originally Posted by TnT

So basically the fix is either have Jellybean or install a different dialler? I'm not sure why I care anymore.

Oh fuck yeah. It's damn horrible.

[p01s0n]

Quote:

Originally Posted by sky_

What about it?

can you pls confirm/deny that it is in fact as hilarious as it sounds on paper?

[sky_]

I don't understand? It's just a very silly way to do the attack?

[p01s0n]

you used to be cool

[sidbo]

Quote:

Originally Posted by sky_

What a horrible, nasty bug. Tested on Jellybean, not vulnerable as said above.

http://dylanreeve.posterous.com/remote-ussd-attack


Install TelStop, which adds a handler for the "tel:" URI. If that URI is used, android will prompt what app to use (which in itself is pretty good).

Or install a new dialler like Dialler One (not vulnerable to this).

Test link to show imei: tel:*%2306%23
Dialler will always launch. If you're vulnerable, you'll see your imei though.

I just emailed this to myself, and clicked the link on my phone (HTC One X) and it displayed the IMEI... that means that this is not just Samsung specific? Or is it the USSD code that's specific to the S3 devices?

[fake edit] never mind, the link above confirms the HTC is also vulnerable, joy.

[sky_]

Awww, sorry =)

[sky_]

Quote:

Originally Posted by sidbo

I just emailed this to myself, and clicked the link on my phone (HTC One X) and it displayed the IMEI... that means that this is not just Samsung specific?

Sorry, should have mentioned - this ain't samsung specific. Many, many android devices will be vulnerable to this. It's all about dodgy dialler app code. If it accepts USSD codes from a remote source, it's screwed. Seen another HTC which we think is vulnerable too..

Also note: the workarounds work for remote exploitation via tel: - but it can be triggered via emergency dialler. That's fixed in JellyBean too...

Bring up emergency dialler and put in the code to trigger imei. If it pops up, don't leave you phone near drunken geeks.

[sky_]

Sidbo - does this link trigger it too?
http://dylanreeve.com/phone.php

[sky_]

Edit: nm

[BaM]

[sidbo]

Quote:

Originally Posted by sky_

Sidbo - does this link trigger it too?
http://dylanreeve.com/phone.php

Yep. Popped up the IMEI (once I told it to use the standard dialer to action the link).

[sky_]

Ah bugger.

BaM: fucking love it =)

[Savage]

(BaM) ^ awesome

Must resist urge to post that on Facebook

[blur^]

if you run chrome you are safe, the TEL uri is not handled by chrome

[Cyberbob]

Quote:

Originally Posted by Savage

Must resist urge to post that on Facebook

Done. awaiting replies.

[sky_]

Quote:

Originally Posted by blur^

if you run chrome you are safe, the TEL uri is not handled by chrome

Firefox supports it =/

You can trigger it via other means including SMS (WAP PUSH message), QR code (as nicely demonstrated above), NFC... bleh...

[blur^]

yeah it looks like it depends on your phone/dialer
my s3 w/ chrome seems to be ok, have tried a bunch of the test sites in the xda thread

[blur^]

if your phone is rooted you can remove keystring*.apk from system/app/
will stop the codes from executing but then you cant use any other codes

[Ab]

Jesus what a clusterfuck.

[blur^]

the guy who found the vulnerability apparently told samsung 3 months ago
so 4.0.4 ont he s3 appears to have been patched

didnt tell anyone else though. gg

[Cyberbob]

<AndroidVersionsInTheWildPieGraph.jpg>

[blur^]

a lot of the blame is with the user

if you are going to use an old unpatched operating system on the tubes
you are going to have a bad time

[p01s0n]

Quote:

Originally Posted by blur^

a lot of the blame is with the user

if you are going to use an old unpatched operating system on the tubes
you are going to have a bad time

this is priceless

[Trigger]

hey guys don't forget about BlackBerry

here is a song
http://www.youtube.com/watch?v=WlsahuZ_4oM

[Rince]

Quote:

Originally Posted by sky_

What a horrible, nasty bug. Tested on Jellybean, not vulnerable as said above.

http://dylanreeve.posterous.com/remote-ussd-attack


Install TelStop, which adds a handler for the "tel:" URI. If that URI is used, android will prompt what app to use (which in itself is pretty good).

Or install a new dialler like Dialler One (not vulnerable to this).

Test link to show imei: tel:*%2306%23
Dialler will always launch. If you're vulnerable, you'll see your imei though.

First time I clicked on it, just got the dialer, second time for the imei. Fuck

[Ab]

Right, off to kinkos to print a few thousand QR code stickers and go wild, brb

[blur^]

Quote:

Originally Posted by p01s0n

this is priceless

because im a droid user and i admit there are idiots out there that use droids?

i like taking snipes at apple as much as anyone, but the world is full of stupid people regardless of what brand they buy

[Rince]

Telstop seems to stop it. Thanks

[p01s0n]

Quote:

Originally Posted by blur^

because im a droid user and i admit there are idiots out there that use droids?

this is a pretty redundant statement because the chart clearly shows that only idiots use droids

[Cyberbob]

Geniune question from a non droid user: Is every affected device eligible for a 4.0.4 upgrade? Or are some screwed.

[Saladin]

Quote:

Originally Posted by p01s0n

only idiots use droids

In before someone mentions the Woz.

[blur^]

Quote:

Originally Posted by p01s0n

this is a pretty redundant statement because the chart clearly shows that only idiots use droids

you are a redundant statement

Quote:

Originally Posted by Cyberbob

Geniune question from a non droid user: Is every affected device eligible for a 4.0.4 upgrade? Or are some screwed.

pretty sure everyone can get it, if not directly from their maker they can flash it themselves

[BaM]

Cool, because everyone is going to know or care enough to do that.

End result: there are going to be a fuckload of pissed off Android users out there.

[Saladin]

Quote:

Originally Posted by blur^

pretty sure everyone can get it, if not directly from their maker they can flash it themselves

Let's pick a random droid phone.. Huawei Ideos X5 - was promoted fairly heavily on 2degrees last year.

Right, let's see if you can flash one to JB.

http://forum.xda-developers.com/show....php?t=1742757

Quote:

What Works:

ADB
Touchscreen(thanks dzo)
Hardware Acceleration
Notification LED
SMS
Accelerometer
Charging
Maybe More


What Doesn't work:

Wi-Fi/Bluetooth
Audio
Camera
MTP
Storage
Maybe more

Oh.

[p01s0n]

Quote:

Originally Posted by Saladin

In before someone mentions the Woz.

woz is a huge idiot lol, he's like king of the idiots.