Almost all manufacturers affected by control code problem in Android


The Android control code vulnerability initially attributed to Samsung appears to potentially affect most UMTS smartphones and tablets running Ice Cream Sandwich (version 4.0.x) or an older version of Android. Google updated the code in the dialer in July, with version 4.1.1, so that control codes can no longer be executed automatically.

Most dialers that are based on the original Android code should therefore also contain the flaw. Reader comments on yesterday's report show that almost every manufacturer has vulnerable devices in its range. According to the information currently available, Sony devices (formerly Sony Ericsson) are only affected if an alternative firmware such as CyanogenMod is installed. Otherwise, Sony's proprietary dialer does not execute the control code.

The current Android version, Jelly Bean (4.1.x), is installed on only 1.2 percent of all Android smartphones. This is probably mainly because no Jelly Bean update exists for most devices, and none will be released.

The problem with control codes is that the dialer executes them immediately, regardless of whether the user typed them by hand on the keypad or a web page passed them to the dialer via a tel: URL. While the combination *#06# is harmless and merely displays the 15-digit IMEI number of the smartphone, other control codes cause the SIM card to be permanently blocked. Samsung smartphones also recognize a code that resets the device to factory settings, erasing all user data in the phone's memory. According to reports, other manufacturers such as HTC have built in similar commands.

Since the dialer can be addressed in many ways, control codes can lurk everywhere: on websites, in HTML emails, in WAP push messages and even in QR codes. It remains to be seen how manufacturers will respond to the problem. Users of older devices in particular should not hold out much hope that a security patch will be released for their devices.

Since exploiting the vulnerability is trivial and the details have long been circulating on the net, users should not wait for the manufacturers to react. heise Security advises installing one of the many apps now on offer that block the execution of control codes. Besides TelStop and NoTelURL, there is now also the USSD filter from G Data.
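As an added example (not code from heise Security or from any of the apps named above), the following Python filter scans content such as a web page, an HTML email or a decoded QR payload for tel: URIs that carry a control code instead of a phone number. It assumes that any dial string containing `*` or `#` should be treated as a control code; the function names and the sample content are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# tel: URIs in arbitrary text; \b keeps "hotel:" from matching.
TEL_URI = re.compile(r"\btel:([^\s\"'<>]+)", re.IGNORECASE)

def decode_dial_string(raw: str) -> str:
    """Undo percent-encoding, including double encoding (%2523 -> %23 -> #)."""
    for _ in range(3):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    # Drop visual separators that dialers ignore.
    return re.sub(r"[\s\-().]", "", raw)

def is_control_code(dial_string: str) -> bool:
    """Assumption: '*' or '#' marks a control code, not a plain number."""
    decoded = decode_dial_string(dial_string)
    return "*" in decoded or "#" in decoded

def find_control_code_uris(content: str) -> list[str]:
    """Return the decoded dial string of every suspicious tel: URI."""
    # HTML entities such as &#35; can hide '#', so resolve them first.
    text = html.unescape(content)
    return [
        decode_dial_string(m.group(1))
        for m in TEL_URI.finditer(text)
        if is_control_code(m.group(1))
    ]

# Constructed sample: only the IMEI display code from the article is used.
SAMPLE = """
<a href="tel:+49-30-1234567">Call us</a>
<a href="tel:*%2306%23">percent-encoded</a>
<a href="TEL:*&#35;06&#35;">entity-encoded</a>
Plain text: tel:030123456
"""

if __name__ == "__main__":
    for code in find_control_code_uris(SAMPLE):
        print("blocked control code:", code)
```

A filter of this kind belongs in front of the dialer rather than in the browser alone, since the same URIs can arrive through the other channels listed above.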

Installing an alternative browser can ensure that tel: URLs on websites are no longer executed without asking, but it does not protect against control commands in QR codes and the like.

It has now also become known that Sony (Ericsson) devices with original firmware are affected.
