Category:   Device (VoIP/Phone/FAX)  >   Google Android
Vendors:   Google
Google Android Dialer TEL URL Handling Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1027587
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 1 2012
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.3.x, 3.x, 4.0.x, 4.1.x
Description:   A vulnerability was reported in Google Android. A remote user can cause denial of service conditions.

A remote user can create a specially crafted 'TEL' protocol URL that, when loaded by the target user, executes unstructured supplementary service data (USSD) codes on the target user's device and destroys the SIM card in that device.

The vulnerability resides in the Android Dialer.

Devices affected include:

Samsung Galaxy SIII, SII, S Advance, Ace, and possibly others; HTC One Series, Sensation, Sensation XL, and possibly others; Motorola Droids; and Sony Ericsson Xperia series.

[Editor's note: This is the same vulnerability as described in Alert ID 1027571 affecting Samsung devices. On Samsung devices, the impact also includes remote wipe of the device.]

The original advisory is available at:

Ravi Borgaonkar reported this vulnerability.
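
As an added example (not part of the original advisory and not the vendor's fix), the following Python code audits HTML for 'TEL' URLs of the kind described above, including percent-encoded and double-encoded forms. It assumes that a `*` or `#` in the dial string marks a USSD-style code; the function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# href is followed on a click; src and meta-refresh content are fetched by
# the browser on page load.
URL_ATTRS = {"href", "src", "content"}
TEL_RE = re.compile(r"tel:([^\s\"'<>;]*)", re.IGNORECASE)
# Assumption: '*' or '#' in the dial string marks a USSD/MMI-style code,
# since ordinary click-to-call numbers need neither character.
MMI_CHARS = re.compile(r"[*#]")


def tel_targets(value):
    """Yield the decoded dial string of every tel: URI found in value."""
    for match in TEL_RE.finditer(value):
        # Decode twice so double encoding (%2523 -> %23 -> #) is caught too.
        yield unquote(unquote(match.group(1)))


class TelAudit(HTMLParser):
    """Collects (tag, attribute, dial string, auto_loaded) findings."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            for dial in tel_targets(value):
                if MMI_CHARS.search(dial):
                    self.findings.append((tag, name, dial, name != "href"))


def audit_html(html):
    parser = TelAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; *123# is a placeholder, not a code from the advisory.
SAMPLE = """
<a href="tel:+15550100">Call support</a>
<a href="TEL:%2A123%23">Check balance</a>
<iframe src="tel:*123%23"></iframe>
<meta http-equiv="refresh" content="0;url=tel:%252A123%2523">
"""
```

Calling `audit_html(SAMPLE)` returns one finding for each of the last three elements and none for the plain phone number.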

Impact:   A remote user can destroy the SIM card on the target user's device.
Solution:   The vendor silently issued a fix in June 2012.
Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]
