Using Android Phone? – You May be A Sitting Duck

I can’t keep quiet about this. You may be at risk of losing all the data on your mobile phone without knowing. In fact, your phone could suddenly be wiped clean and your valuable documents and passwords stolen. I just have to tell you about this or I will feel terribly guilty if any of these things happen to you.

You might have heard of the potential and dreadful USSD Malware that could damage the new Samsung Galaxy S3 and you might have heard that Samsung has released an update to patch the security loophole in Galaxy S3 and (maybe) Galaxy S2. The bad news is that Samsung has not mentioned any patch for its other android phones that could be equally affected. More bad news is that the infection is not limited to Samsung android products alone. The USSD code execution issue also affects other manufacturers like Motorola, Sony, HTC amongst others. My Samsung Galaxy Y Duos is vulnerable just like my son’s Tecno T1. Both running android gingerbread 2.3.6. So, without your brand manufacturer coming out with a solution, you are a sitting duck for the malware or your phone is a piece of disaster waiting to happen – well thankfully not quite.

Don’t Wait – Fix it Yourself
Thankfully, a free tool has just been released into the android market and available on the Google Play Store aimed at protecting you against this malware. It’s NoTelURL developed by Jörg Voss in Germany. It is free and can be downloaded from the store or directly from the maker’s site. I will not go into the complexity of the way the fix works but suffice it to say it assists in handling of URLs that starts with TEL. So when you install this app and you click on a link with this URL, you are presented a dialog box with option to intercept by NoTelURL or use your device dialler. If the dialog box opens spontaneously, then someone is trying to wipe your device or re-route your device calls.

So, why wait? Download the app and enjoy peace of mind knowing that you are safe.

But how do I know if my phone has such vulnerability? You may ask.
No problem. The H Security on their site posted a link you can use to check. The link has the USSD check feature on their browser check page. If your phone is vulnerable, and you click on the link, your device IMEI number is displayed instead of the page opening. The URL is given below:

http://h-online.com/ussd

Give it a try and if you are vulnerable, rush to the google play store and download the app.

Credits:
– Ibukun Olaoya known as @Eye_Bee_Kay on twitter for pointing me to the link on the information about the app
– Afewgoodmen’s Arena for early sounding of the warning about this malware
The H Security for info and the link to test your phones with

Is this post useful? Is it beneficial? Have you personally gained anything from the post?
Please leave a comment below

 

10 comments for “Using Android Phone? – You May be A Sitting Duck

  1. October 1, 2012 at 12:14 am

    Will try it out. Thanks for the heads up!

  2. October 1, 2012 at 3:06 am

    Nice one. At least Android fans can now breath on in peace. It’s a MuSt-try app for every Android user! I’m just surprised that such a useful app could be free!

    Is there no way to donate to the app developer? Folks using this app should not just download the app but should show a form of appreciation.

  3. Olaryeankarh
    October 1, 2012 at 3:32 am

    Amazing! Just hearing this for the first time. Thanks to Eye_bee_kay and Dfewgoodmen for the alert.
    Google should find a way of correcting this asap. No matter how good a third party app works, it can’t still go as deep as official/pre-installed app. Yeah Google to do something.
    You got an informative writeup there @Deolaclinic

  4. October 1, 2012 at 2:41 pm

    thankfully, my Sony Xperia Pro is not affected.

    And yes, every Android user should take the vulnerability test, and avail himself of this app if necessary.

    I hope other Manufacturers would emulate Samsung as regards the speed of response for the SGSIII.

    Getting your device wiped out by something as trite as this is just ridiculous, and SCARY!

  5. Harry Echemco
    October 1, 2012 at 4:36 pm

    Thanks Doc for the info. I don’t think my device is affected. I tried loading the URL with Opera Mini but nothing happened so I reverted to the inbuilt browser, it presented me with a host of options and I chose the default dialer. Instead of the dialer displaying my IMEI, it displayed the imbedded code instead and I was required to tap the dial icon to finally display my IMEI.

    I had TelStop before now which should do basically the same thing, but this one is more elegant because you will never know of its existence until you encounter such URLs while TelStop is ever present for every dialed number or code.

    Please Doc, something needs to be done about the HTML code for the comment box because it doesn’t display well in Opera Mini in single column view. It just displays a strip of vertical text box that is barely enough to take one character per line.

  6. deoladoctor
    October 2, 2012 at 5:52 am

    @Harry,

    Good thing you already have TelStop on your phone. Net effect is the same with NoTellURL. I never knew such app existed till you mention it.

  7. emmaedeh
    October 2, 2012 at 3:12 pm

    Thanks for the heads up, just installed.

  8. jujukemist
    October 2, 2012 at 9:40 pm

    Thank you sir, this is very Important for me, I carry 2 cloud services on my phone. shukran

  9. October 3, 2012 at 2:02 pm

    Please Doc, something
    needs to be done about
    the HTML code for the
    comment box because it
    doesn’t display well in
    Opera Mini in single
    column view. It just
    displays a strip of vertical
    text box that is barely
    enough to take one
    character per line.

    I believe I once mentioned that to the Doc.

    Two ways I use to circumve that problem:

    1. Type your comment in an external Editor and paste on that column.

    2. User the Desktop version (instead of the mobile site) of the blog on your mobile phone.

  10. admin
    October 3, 2012 at 6:38 pm

    @ Harry,

    Thanks for your observations. I have tried without success to re-create the type of errors you noted with the blog comment box. I tried the opera mini single column view on both Galaxy Y Duos and Blackberry 9380. Both displayed the comment boxes well with no issues. I would be pleased to know the make and OS of the phone you used as I see no errors at my end here with both mobile and desktop versions of the site.

    Thanks once again for your comments and for pointing out this issue.

    @Eye.Bee.Kay, same goes to you sir. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *