Is your smartphone vulnerable to the Tel URL attack?

A tech named Dylan Reeve has a test site to determine your phone’s vulnerability:

http://dylanreeve.com/phone.php

If your phone is vulnerable to the recently disclosed tel: URL attack then this website will cause your phone to open the dialler and display the IMEI code. With other USSD codes it could do any number of other things, including wipe all phone data.

You can find some more information and a simple workaround here: http://dylanreeve.posterous.com/remote-ussd-attack

What does it all mean?!
If visiting this page automatically causes your phone’s dialler application to pop up with *#06# displayed then you are not vulnerable. If, however, the dialler pops up and then you immediately see your phone IMEI number (a 14- or 16-digit number) then you are potentially vulnerable to attack.

A poster on the site made an app to solve the problem without changing dialers: Download his free, open-source app that can intercept these malicious URLs:

https://play.google.com/store/apps/details?id=net.thauvin.erik.android.noussd

https://lh4.ggpht.com/UF71xpCA3OVOD7yXnsyWduZHKOco47yjNP5J0r0sPjZ5pIr5yfUQUkkpqPeUkd6OEQ=w124

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.