The News‎ > ‎

Samsung Touchwiz USSD Code Vulnerability

posted Sep 26, 2012, 1:59 AM by Leigh Williams
By now you have probably heard that your beloved Sammy handset (those running Touchwiz) has quite a serious flaw which allows attackers to execute USSD codes on your phone just by clicking on a link or visiting a website. For those who don't know, USSD codes are those *#12345# sort off codes. Some USSD codes can even factory reset your phone...yeah, like I said it is quite serious. But no fear, help is near! launched an easy to use website that you can use to see if your handset is vulnerable. While this method does guarantee that you are not vulnerable, it is a good indication. If you click on the link and your IMEI number pops up, you are definitely vulnerable. If you click on the link and the code *#06# appears in your dialer but the IMEI code does not pop up, your should be alright. Please visit this site from your Sammy handset!

Even if the IMEI number does not pop up, be sure to clear your dialer by pressing the backspace key. A colleague and I found that when you enter a USSD code (those that are executed immediately when pressing the hash key) in your dialer, and then leaving your phone to go to sleep (display switches off) and then switch on the display again by pressing any key, the code actually executes. This can still leave you exposed so be sure to clear the dialer.

To mitigate this even further, be sure to load the latest firmware on your good old Sammy and to make use of a dialer such as Dialer One.

Check out the source links below for more information: