You are here

U-271: Google Android Dialer TEL URL Handling Flaw Lets Remote Users Deny Service

October 1, 2012 - 6:00am

Addthis

PROBLEM:

Google Android Dialer TEL URL Handling Flaw Lets Remote Users Deny Service

PLATFORM:

Android Version: 2.3.x (potentially earlier versions before 2.3.x too), 3.x (Honeycomb), 4.0.x Ice Cream Sandwitch, 4.1.x Jelly Bean

Devices affected include:  Samsung Galaxy SIII, SII, S Advance, Ace, and possibly others; HTC One Series, Sensation, Sensation XL, and possibly others; Motorola Droids, and Sony Ericsson Xperia series

ABSTRACT:

A vulnerability was reported in Google Android

reference LINKS:

USSD/Android-Dailer-vulnerability
SecurityTracker Alert ID:  1027587

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can create a specially crafted 'TEL' protocol URL that, when loaded by the target user, will execute unstructured supplementary service data (USSD) codes on the target user's device and destroy the SIM card on the target user's device.

Impact:

A remote user can destroy the SIM card on the target user's device.

Solution:

Update your device. The vendor silently issued a fix in June 2012.

Addthis