Dialer attack kills Android phones in new way

Oct. 3, 2012, 6:32 PM EDT

By Ben Weitzenkorn

Some of the Android apps that can stop USSD codes.Google Play

A flaw in the dialer of some unpatched Android phones makes users vulnerable to a simple attack that could brick their SIM card with little warning.

The attack essentially locks users out by performing a SIM card PINreset and then "trying" a wrong personal unblocking code several times.

It comes in the form of a USSD (unstructured supplementary service data) code, which is usually used by engineers to look up internal information and program a phone's software. Attackers can load the code onto a phone from a number of different entry points: through the NFC chip, a text message, QR code, Web page or link in an email. Once a user scans the code or clicks the link, the USSD code is loaded into the dialer and executed and the phone's PIN is reset. The user is never shown the new PIN.

A similar vulnerability came to light last week when Android users complained that their phones would reset themselves to the factory settings, seemingly at random. The problem was caused by a quick-to-draw dialer that executed a different, but equally destructive, USSD code without waiting for a prompt from the user.

The problem was originally thought to exist only in Samsung phones running the TouchWiz UI but was later found to exist in several makers' phones. Google fixed the flaw months ago, but Android users who need holes patched and bugs fixed are at the mercy of their carriers, who sometimes delay updates for months. Phones running Jelly Bean (Android 4.1) should not be affected by any USSD attacks.

There are several apps in the Google Play store created exclusively to stop USSD codes from automatically executing in unpatched phones. Users can also choose to download a third-party dialer that will prompt a user to choose a dialer before running the USSD code.

Follow Ben on Twitter @benkwx.

Ben Weitzenkorn

Related Articles