{"id":609,"date":"2012-09-29T15:36:29","date_gmt":"2012-09-29T15:36:29","guid":{"rendered":"http:\/\/paulgurney.com\/whats_new_blog\/?p=609"},"modified":"2012-09-29T15:37:49","modified_gmt":"2012-09-29T15:37:49","slug":"is-your-smartphone-vulnerable-to-the-tel-url-attack","status":"publish","type":"post","link":"https:\/\/paulgurney.com\/whats_new_blog\/2012\/09\/is-your-smartphone-vulnerable-to-the-tel-url-attack\/","title":{"rendered":"Is your smartphone vulnerable to the Tel URL attack?"},"content":{"rendered":"<p>A tech named Dylan Reeve has a test site to determine your phone&#8217;s vulnerability:<\/p>\n<p><a title=\"TEl URL attack solution\" href=\"http:\/\/dylanreeve.com\/phone.php\" target=\"_blank\">http:\/\/dylanreeve.com\/phone.php<\/a><\/p>\n<blockquote><p>If your phone is vulnerable to the recently disclosed tel: URL attack then this website will cause your phone to open the dialler and display the IMEI code. With other USSD codes it could do any number of other things, including wipe all phone data.<\/p>\n<p>You can find some more information and a simple workaround here: <a href=\"http:\/\/dylanreeve.posterous.com\/remote-ussd-attack\">http:\/\/dylanreeve.posterous.com\/remote-ussd-attack<\/a><\/p>\n<p><em>What does it all mean?!<\/em><br \/>\nIf visiting this page automatically causes your phone&#8217;s dialler application to pop up with <strong>*#06#<\/strong> displayed then you <strong>are not<\/strong> vulnerable. If, however, the dialler pops up and then you immediately see your phone IMEI number (a 14- or 16-digit number) then you <strong>are<\/strong> potentially vulnerable to attack.<\/p><\/blockquote>\n<p>A poster on the site made an app to solve the problem without changing dialers: Download his free, open-source app that can intercept these malicious URLs:<\/p>\n<p><a title=\"google play store, no USSD attack\" href=\"https:\/\/play.google.com\/store\/apps\/details?id=net.thauvin.erik.android.noussd\" target=\"_blank\">https:\/\/play.google.com\/store\/apps\/details?id=net.thauvin.erik.android.noussd<\/a><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/lh4.ggpht.com\/UF71xpCA3OVOD7yXnsyWduZHKOco47yjNP5J0r0sPjZ5pIr5yfUQUkkpqPeUkd6OEQ=w124\" alt=\"https:\/\/lh4.ggpht.com\/UF71xpCA3OVOD7yXnsyWduZHKOco47yjNP5J0r0sPjZ5pIr5yfUQUkkpqPeUkd6OEQ=w124\" \/><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A tech named Dylan Reeve has a test site to determine your phone&#8217;s vulnerability: http:\/\/dylanreeve.com\/phone.php If your phone is vulnerable to the recently disclosed tel: URL attack then this website will cause your phone to open the dialler and display the IMEI code. With other USSD codes it could do any number of other things, &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/paulgurney.com\/whats_new_blog\/2012\/09\/is-your-smartphone-vulnerable-to-the-tel-url-attack\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Is your smartphone vulnerable to the Tel URL attack?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":55,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,16],"tags":[],"class_list":["post-609","post","type-post","status-publish","format-standard","hentry","category-latest-news","category-mobile"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p415hC-9P","_links":{"self":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/609","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/comments?post=609"}],"version-history":[{"count":4,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/609\/revisions"}],"predecessor-version":[{"id":613,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/609\/revisions\/613"}],"wp:attachment":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/media?parent=609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/categories?post=609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/tags?post=609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}