Owners of Android smartphones should check if their phone has security vulnerability. On some models using the Google operating system it is possible for USSD commands to execute without the consent of the user, for example via a malicious URL on a website.
The USSD codes could potentially be used by an attacker to lock the SIM card or cause call diversion. Security experts have warned that on certain Samsung devices USSD codes could even be used to delete all the data on the phone.
Anyone who wants to check the vulnerability of their smartphone can visit the website www.isk.kth.se/~rbbo/testussd.html using their phone’s browser. The test page checks whether the Android dialer processes USSD codes. If it does, the page will display the device’s IMEI number. If the IMEI appears it means the phone is potentially vulnerable to attack.
Samsung has released a firmware update that patches the vulnerability in its devices. Another way to close the security gap is to install the free app NoTelURL. The app warns users when an USSD command is encountered and asks whether they want to allow it to execute or not.
It’s also a good idea in any case to regularly back up your smartphone’s data.
