Jump to content
tuxiqul

Vulnerability in Android Phones allows to hack phone calls

By tuxiqul, in Stiri securitate

Recommended Posts

tuxiqul Newbie

tuxiqul

Posted
Posted (edited)

620x353xAndroid-Latest-Vulnerability-2014-1024x584.png.pagespeed.ic.9TR-w5K9vl.png

It is not new that Android apps are always on the target of Cyber Criminals, as you can find lots of updates on internet about the fake apps that contain malware, it is not possible to update you about every fake app, but this post is about the vulnerability, that allows a malicious app to interfere into your calls, like—do a phone call, send mmi or ussd codes or hangup an ongoing call.

This vulnerability has been reported to Google by researchers from German security firm Curesec, and in the blog they claimed that the same vulnerability was reported to Google last year too.

What is the BUG?

Normally, an Android appdoes not have a permission to access your calls, or access call related systems, but according to the researchers, they able to abuse the BUG that allows them to do the following:

  • Terminate a Call
  • Dial an unwanted number
  • Send USSD Code

Things to Worry:

Well, if it terminates a call, that it can be ok for you sometime, BUT as the vulnerability also call any number, so it means the malware can be call a premium number, that costs you more than a normal rates, and at last you findyour PhoneBill with a huge unwantednumbers list.

The list of USSD/SS/MMI codes is long and there are several quite powerful ones like changing the flow of phone calls(forwarding), blocking your simcard, enable or disable caller anonymisation and so on, researchers write.

Affected Versions:

[TABLE=class: cvetable, width: 618]

[TR]

[TH]Version[/TH]

[TH]SDK[/TH]

[TH]Affected[/TH]

[/TR]

[TR]

[TD]4.1.1[/TD]

[TD]16[/TD]

[TD]Vulnerable[/TD]

[/TR]

[TR]

[TD]4.1.2[/TD]

[TD]16[/TD]

[TD]Vulnerable[/TD]

[/TR]

[TR]

[TD]4.2.2[/TD]

[TD]17[/TD]

[TD]Vulnerable[/TD]

[/TR]

[TR]

[TD]4.3[/TD]

[TD]18[/TD]

[TD]Vulnerable[/TD]

[/TR]

[TR]

[TD]4.4.2[/TD]

[TD]19[/TD]

[TD]Vulnerable[/TD]

[/TR]

[TR]

[TD]4.4.3[/TD]

[TD]19[/TD]

[TD]Not Vulnerable[/TD]

[/TR]

[TR]

[TD]4.4.4[/TD]

[TD]19[/TD]

[TD]Not Vulnerable[/TD]

[/TR]

[/TABLE]

My Device is Vulnerable?

If you want to find out about the your Android status, that it is affected by this vulnerability or not, so the researchers team also provided a source code and a proof-of-concept demonstration app, but use at your own risk

A full documentation by researchers about this vulnerability available here.

Sursa: Vulnerability in Android Phones allows to hack phone calls

Edited by tuxiqul

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...