It has been identified by the experts and technology geeks that there is a malicious USSD or Unstructured Supplementary Service Data that runs automatically on android smart phones and they reset entire settings and data of smart phones to default factory levels. This is very nasty malicious code disguised in a USSD form, which we normally execute on our mobile phone services. This code once executed can damage one’s SIM or can also divert calls to certain other locations. It also erases entire settings and resets to default setting of the gadget.
Other than confirmation from different mobile manufacturing companies, the same issue was also highlighted by Mr. Ravishankar Borgaonkar, a research assistant in the Telecommunications Security department at the Technical University of Berlin, Germany. He demonstrated about this nasty code while speaking at a seminar on Ekoparty security conference in Buenos Aires, Argentina. He said, “Several Samsung Android devices, including Samsung Galaxy S III, Galaxy S II, Galaxy Beam, S Advance, and Galaxy Ace were reported to be vulnerable because they supported the special factory reset code”.
He further said, “These codes are enclosed between the * and # characters and are known as Unstructured Supplementary Service Data (USSD) codes when they access services supplied by the mobile operator, or MMI (Man-Machine Interface) codes, when they access phone functions”.
Meanwhile, many news reports and technical studies suggest that many smart phones especially operating under Google’s Android operating systems can be forced by this malicious code to forcibly execute without the consent of the users. This code can execute through multiple ways, and few of them are through a malicious URL and through any faulty website links etc.
Technical experts have also devised a mechanism to check about the vulnerability of Android smartphones through certain online website support. You can go to the website www.isk.kth.se/~rbbo/testussd.html through the browser of your Android smart phone. The test page on this site would check the vulnerability of your Android device to check if your phone dialer processes the USSD code or not. If subjected Android smartphone is vulnerable to this code, the test page will return the IMEI of your device. That means, your phone is vulnerable to this threat and you can lose your data, or SIM at any time by the attack of this USSD malicious code execution.
Samsung has developed a patch against such malicious attacks. By updating your Samsung Android phones by this software patch, you get control on such USSD codes. After you install the patch on your Samsung phone, any such malicious code would be notified by the operating system running on yous Samsung devices and will prompt you to allow it or block it.
Meanwhile, as per Mr. Borgaonkar, if you perform a simple search for resetting the USSD code, Google would return the reset code for the popular HTC Desire Android phone. This shows that all other Android phones are also vulnerable to such threats.
In general, backing up your Android gadgets regularly will be the best practice to avert big damage.