ESET Releases ESET USSD Control on Google Play to Prevent Dangerous Android USSD Vulnerability

ESET, the leader in proactive protection celebrating 25 years of its technology this year, today released a special free app, ESET USSD Control, which mitigates a potentially very dangerous vulnerability in certain Android-based smartphones. ESET is one of the first major antivirus vendors to provide the fix in the form of a free stand-alone app on Google Play. After installing the app, users should check whether their smartphone is open to such an attack by using ESET’s USSD test.

This security flaw allows cyber-criminals to wipe the phone's data remotely by getting users to visit a URL, either directly or through a single text message or a QR code.

“ESET USSD Control is an application that allows the user to check potentially malicious phone numbers (USSD codes) before they are dialed (executed) by the default phone dialer. It will block malicious websites as well. Checking for malicious codes before they are executed, ESET USSD Control makes sure all data on the Android phone stay safe,” elaborates Tibor Novosad, Head of Mobile Applications Section at ESET.

The app displays a warning window each time a malicious USSD code is found, blocking the execution of the command.* To protect a smartphone from USSD attacks, the user has to make sure that ESET USSD Control is set as the default dialer.

How does the original hack work?

USSD (Unstructured Supplementary Service Data) codes start with an asterisk (*), continue with hash signs (#) or digits, which represent commands or data, and end with a hash sign. Their purpose is to let telecom operators provide remote support for phone devices. An example of such a code is one that displays the IMEI number, but there are also USSD commands that can restore a phone to factory settings on certain models. Hackers are thus able to delete all your data or reset the phone remotely by initiating such a request on your device.

Ravishankar Borgaonkar, a research assistant in the Telecommunications Security department at the Technical University of Berlin, has raised a question to the AV industry with a recent demonstration of the remote data wiping attack at the Ekoparty Security Conference in Buenos Aires, Argentina.

For a step-by-step description of installation, visit our knowledge base article.
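The check described above (inspect a dial string before it reaches the dialer) can be sketched as follows. This is an added example, not ESET's code: the function names, the block/allow verdicts and the sample page are assumptions, and the pattern also accepts `*` as a separator inside the code, which goes slightly beyond the shape given in the text.

```python
import re
from urllib.parse import unquote

# Shape from the text: starts with '*', continues with '#' or digits,
# ends with '#'. Assumption: '*' may also appear as an inner separator.
USSD_SHAPE = re.compile(r"^\*[\d*#]*#$")
# Pulls the dial string out of tel: URIs found in page markup.
TEL_URI = re.compile(r"""tel:([^"'\s<>]+)""", re.IGNORECASE)


def normalize(dial_string):
    """Percent-decode once, then drop separators a dialer ignores."""
    decoded = unquote(dial_string)  # '#' travels as %23 inside a URI
    return re.sub(r"[\s\-().]", "", decoded)


def is_ussd_code(dial_string):
    """True when the decoded string is a code, not a phone number."""
    return bool(USSD_SHAPE.match(normalize(dial_string)))


def audit_page(html):
    """Return (raw, normalized, verdict) for every tel: URI in the markup."""
    findings = []
    for raw in TEL_URI.findall(html):
        verdict = "block" if is_ussd_code(raw) else "allow"
        findings.append((raw, normalize(raw), verdict))
    return findings


# Constructed sample page. *#06# is the standard code that only displays
# the IMEI; it stands in here for any code-shaped dial string.
SAMPLE_PAGE = """
<a href="tel:+421-2-555-0100">Call support</a>
<a href="tel:*%2306%23">Check your phone</a>
<a href="tel:%2A%2306%23">Same code, fully percent-encoded</a>
"""

if __name__ == "__main__":
    for raw, shown, verdict in audit_page(SAMPLE_PAGE):
        print(f"{verdict:5}  {shown:14}  (from tel:{raw})")
```

Decoding before matching is the important step: a filter that inspects the raw URI never sees the `#` characters, because they arrive percent-encoded.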

ESET is actively following up on the most recent Android-related security issues; users can regularly check for more information on the ESET ThreatBlog.

* ESET scans only USSD codes and does not store dialed numbers.

About ESET

ESET, the pioneer of proactive protection and the maker of the award-winning NOD32 technology which is celebrating its 25th anniversary in 2012, is a global provider of security solutions for businesses and consumers. The Company continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET has been selected as one of the most innovative companies in Europe for the 2011 HSBC European Business Awards and holds a number of accolades from AV-Comparatives, AV Test and other organizations. ESET NOD32 Antivirus, ESET Smart Security and ESET Cyber Security (solution for Mac) are trusted by millions of global users and are among the most recommended security solutions in the world. The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries.