Android Central

A quick way to tell if your Samsung phone is at risk, and what to do if it is 

There's a lot of confusion as to exactly which Samsung phones are affected by today's big scary USSD vulnerability, which could cause some phones to factory reset themselves upon visiting a malicious web page. Some Galaxy S2 and S3-class phones are susceptible, others less so. In some cases it depends if you're running the latest firmware or not. In others, there's no patched firmware available yet.

Samsung will surely be hard at work rolling out fixes for devices that remain susceptible, but in the meantime we've got a quick, easy to tell if your phone is at risk, without taking the plunge and running the malicious code itself. Find out more after the break.

First off, note that today's glitch only affects Samsung phones. Our testing method may produce different results on other manufacturers' devices, but it's important to remember that it's impossible to use this exploit on a phone that's not running Samsung's TouchWiz software. Also, note that we don't see any secret information from your phone during this test. If in doubt, right-click and check the source code to see exactly what we're doing. It's a pretty simple test.

With that in mind, head to this page on your Samsung phone's stock browser. You'll find it at  androidcentral.com/ussd-test

With this page loaded on your phone, simply click the button in the embedded area below to see if your Samsung phone is at risk. The test works by trying to direct you to a benign USSD code, specifically, the one that displays your IMEI (or MEID on CDMA phones) on your screen -- nothing malicious. If you're using a Samsung phone and a window pops up showing your IMEI/MEID number, you're likely vulnerable. If your dialer just loads up showing either nothing, or *#06# in the number read-out, you should be safe.

If the test suggests you're vulnerable, we'd advise you update your firmware to the latest version. If your phone's latest firmware version is still affected, we recommend using a third-party dialer like Dialer One, and setting it as the default dialer until all this has blown over.

Let us know how you get on down in the comments. Safe browsing, everyone!

 

Reader comments

How to tell if your Samsung phone is vulnerable to today's USSD hack

156 Comments

May not be vulnerable to the exploit, but the link does pop up my IMEI on my international HTC One X.

So at least some portion of the code works to do some USSD operations remotely on other than samsung phones.

Yeah, that's an old Android bug. It should be fixed in ICS, but I guess HTC didn't get the memo :)

The fact that there's not a USSD code to reset your phone on non-Samsung devices means there's no real malicious application for this on the One X.

Does anyone know if Lookout will help fight off this exploit?

IMEI comes up on AT&T Galaxy S2 Skyrocket running ICS. :-(

Yeah running official stock ICS 4.0.4 on my Galaxy S II LTE in Canada on Rogers (same phone as the Skyrocket basically) and my IMEI popped up in the dialer plain as day. Argh!

Stock Sprint Galaxy SIII running LG8 - Dialer popped up with "#06#" appearing for a split-second, then just the dialer (no IMEI window).

+1

And I understand the language of "probably" okay, but not definitely. If nothing else than for legal purposes.

I also use Dolphin and a little Opera, so I'm betting I'm shielded, but I'm still gonna be more careful about what sites I visit until we get some kind of update.

On my Samsung Galaxy Note the Dialer Appeared with the IMEI using both the stock browser and Chrome. This is on a Rooted Official ICS ROM. Might be switching to a CM9 or CM10 soon....

VZW Rooted/Unlocked stock VRALF2................ Quick someone get a condom!!!!!!!

Need a shot of AOSP STAT. Will someone please make the dock audio out work.

I clicked the link and got the dialer with the *#06# showing. The number then disappeared leaving the blank dialer showing. I refreshed the site and clicked on the link again and just a blank dialer appeared. No pop-up.

Same here... What that means in terms of this issue? I get *#06# and then it disappeared with just the numbers left on the screen. No IMEI pop-up.

Sprint Epic Touch (SG2) running latest official Sprint firmware for ICS.
Popped up a MEID # when I tested it, is this the same as IMED?

Guessing I may be vulnerable....

T-Mobile SGS3, updated to build IMM76D.T999UVALH2, totally stock/not rooted - dialer appeared, no numbers showed at all.

Just tested on Sprint Samsung Galaxy S2 on Android version 4.0.4 and it did show my IMEI number....yikes!!!!

Verizon S3 stock. First time I clicked the dialer showed up with *#06#, the second time and in Chrome the first time my IMEI number showed up.

I'm on the same provider and same phone but not ICS and the IMEI popped up for me but... on the page it was blocked by some frame issue. I actually had to click on the link within the error frame which I could not widen nor make longer. Anyhow. I'm gutted.

The dialer does pop up with my IMEI number on my Galaxy S2 (International/Danish version). Most disturbing is that it also happens in the other three browsers I tested - Chrome, Boat, ICS+. Wasn't this supposed to be a stock browser vulnerability only?

Stock Sprint GS3 Running LI3 shows blank dialer. Tested both stock browser and Chrome.

Hope I'm safe ;-P

just tried it on my international s3 running ics... shows dialer and *#60# for split second but no imei number so hopefully this means am ok... will stick to my current firmware until this is fixed

AT&T official ICS, rooted (not that it probably matters). Dialer and IMEI...guess I better be careful till this is resolved?

If this is a Touchwiz exploit, will replacing the launcher with something like Zeam, ADW or GoLauncher patch it up?

No. TouchWiz is more than a launcher. You'll want to run a third-party dialer app if you're worried about this, as the vuln lies in the TouchWiz dialer.

But it's more than Touchwiz though as some HTC phones have this issue, and they don't run Touchwiz. It's and Android issue, not Samsung or just Touchwiz.

I'm safe, running the Sprint GS3 stock with the Google Now hack. No Root... Just did the test and the dialer came up blank, nothing happened .

It showed my IMEI on my AT&T Galaxy Note on a rooted Stock ROM, but I never use the stock browser so I'm not worried about it.

Samsung Galaxy Note on Bell Canada is safe...
Found a way to be safer, instal an other dialer on your phone i.e. Go dialer, it will prompt you to choose a dialer if ever you fall on a malicious web page

So here's an intresting wrinkle...I have several different dialer programs. Before the code would run, it prompted me to choose a dialer. It will only work with the stock dialer.

dialer blank on att sgs3 rooted latest I747UCLH9.
otherwise CWM ready to install any cm10 based or AOKP or whatever i find in XDA. :)

Same phone, galaxy S2 international GT9100, dual boot:
CM9 23/09/2012 nightly got imei on chrome and stock, opera would not open the link
AOKP JB build 3, only stock browser, got code in dialer no imei

JB is the answer then?

If you're not running a TouchWiz ROM, you don't need to worry about this. The nasty part of this problem -- the part that factory resets your phone -- is in TouchWiz, not Android.

Stock JB on Sprint GNex brought up *#06#.

I thought the GNex didn't have TouchWiz and wouldn't be vulnerable...what the $%&@!!!

Galaxy note, AT&T, ICS. Imei number pops up on stock and chrome browser.
Where and how do I do a firmware update?

So... I clicked the link on my Bionic and it did launch the dialer and a pop-up with both my MEID HEX and DEC.

What does this mean?

The exploit of being able to run USSD codes directly from a webpage is now clearly an wider Android issue not a Samsung issue, the Samsung problem is there is a USSD code that resets the device. Which hopefully doesn't exist in other manufacturers phones.

So far the Samsung patched S3 and the Galaxy Nexus are the only phones I've seen not pop up with the IMEI when I've tried to exploit them. HTC One X and Sony Xperia both autodial the *#06# rather than show the code in the dialler meaning some other USSD code could be executed without user intervention.

MEID show's up on stock Verizon Galaxy S3. I downloaded Dialer One until firmware is upgraded, however I'm unsure how to set it as the default dialer on the S3. Any help greatly appreciated!

Verizon GSIII running 4.0.4 with latest firmware. Using the chrome browser, the AC link opened my dialer and the *#06# flashed and then went away, leaving my dialer open but blank, and the MEID did not appear. Same thing happened using the stock browser. When I manually entered *#06# into the dialer it did bring up my MEID. So....yeh....

Manually entering the code will always bring up your MEID. As long as it didn't show it automatically when you clicked the link, you're good.

Yeah, I knew the manual entry would bring it up, I just wanted to see it happen, but thanks anyway.

How likely is it do you think that Samsung will bother patching the Fascenate, Vibrant, and other Galaxy S 1 variants ? I'm honestly curious ... still have my Fascenate but haven't used it in ages.

Well I pro formed the rest on my verizon galaxy nexus and my dialer showed up with *#06# in there. No imei or need number appeared during the test.

Galaxy Note N7000 running GingerBread XXLA4. Dialer brings up IMEI. So I would be vulnerable except that first a screen pops up asking me if I want to send the call to GrooveIP or the Dialer. I am unlikely to ignore that popup :)

Captivate Glide. I guess the UCLH2 ICS upgrade that crippled the keyboard backlight at least did something right, because the dialer launches but it is blank -- no IMEI window and no "*#06#" ready for dialing.

Hmm. Ran the link on my rooted stock GB Galaxy Note, and it showed the IMEI. That's a worry, but thankfully I don't use the stock browser at all.

CM10 on Jelly Bean for Galaxy S2 (AT&T) using Dolphin (I deleted all other browsers from my phone)

Propmted me which dialer I wanted to use (exDialer or Phone (stock)). If I chose stock it just shows the *06# code and does nothing.

If I chose exDialer it shows my IMEI.

Basically, if a website prompts my phone program as to which one to use I'm not picking any.

Galaxy S Captivate with CM9.1.0-captivatgemtd

IMEI displayed. Not Touchwiz, so does this mean I'm not vulnerable?

Normally I use Chrome or Dolphin, not the stock browser. Does anyone still use that?

I am surprised no one tested this on a Galaxy Tab 7.7, seeing that it also functions as a phone with dialer and such. Clicking on the link, my international ICS Tab 7.7 with latest firmware opened the dialer AND popped up the IMEI (twice!). I guess this could explain my Tab's random restart? (Tab restarted itself randomly without any user input. It would suddenly turn on the screen and go through the boot up process!)

I have tested the Tab 7.7 (stock HC), using my own test with different (harmless) codes, and codes that the SII executed, were blocked by the 7.7. Afterwards I have updated the SII to stock 4.0.4 and it is now also blocking these codes in my tests.
(I'm not talking about this site's test; there the IMEI popu does appear)

My Cappy running stock GB is vulnerable:(
Installing Dialer One as we speak!!
Well at least I have a good excuse for getting a Galaxy S III now.Schwheatness

My Galaxy Tab 2 10.1 (international with dialer) did *not* display the IMEI using either Chrome or native browser.

i have the samsung 2 epic 4g and my IMEI showed up with the dialer......it also said the firmware was up to date......oh wat do i do now?!

My Sprint E4GT came up as vulnerable. :/ Now I have installed Dialer One since I was already familiar with the program from my Hero anyways. Hopefully Sammy gets this sorted out quick.

Running a stock Samsung Galaxy S Glide on Rogers in Canada.

The test website causes my IMEI to popup. Hooray! I have a f**king security hole the size of a moon crater phone.

Definition of awesome, thanks Samsung, thanks.

:(

Guess I'll have to hold out for the update...oh, wait, my phone is orphaned by both the manufacturer and the carrier. No hope for an update before hell freezes over. Darn.

Methinks I'll be calling Rogers tomorrow and breaking my contract. It's the only way to get out and buy something else...an iPhone 5 perhaps.

S3 running latest Samsung dev jelly bean update, only the dialer pops up. No IMEI and no number waiting to dial

stock 4.0.4 ... VRLG7 VZW SIII

no dialer, no IMEI

had an update pushed to me yesterday about noon.

8)

Hope that edify exploit does not bypass the menu that asks which browser to use to complete the action.

Samsung Galaxy Appeal (AT&T Go Phone) is vulnerable -- the test displays the IMEI, if you use the stock browser. Using Opera Mobile on the same phone produces an error message from the browser -- it doesn't even launch the phone dialer, so at least that could be a workaround.

On my International SGS III I have installed AppLock, and when i click on the link on my stock browser, before my dialer pops up, App Lock shows up asking for unlocking code. I guess this can stop all this?

Can I just stay off the internet and I'll be fine? WHEN WILL THIS BE FIXED! ATT SGS2 and got the IMEI!!!!!!

Sprint S3 I got a blank dialer.. running build number IMM76D.L710VPALG8.
Looks good to me. There is nothing to worry about :)

I have a stock Samsung Galaxy S Epic 4G and my MEID number shows up. Do you think Samsung will fix a phone that old? With Sprint still selling one (plus I sold one from my store the other day) this still would affect people for a year or two.

I thought my Galaxy S2 would have been affected but thankfully it will survive. (T-Mobile model. SGH-T989).

ICS 4.0.4 :-)

I do not agree with the test. It is using a very useful code, which the dialer may choose not to block.

Yesterday I had stock ICS 4.0.3 on my Samsung Galaxy SII and tested links with a different code. The code executed. I tested my Galaxy Tab 7.7 with stock HC and the code didn't execute. I used several codes and checked that they would execute if I entered them manually in the dialer.

Today I have stock ICS 4.0.4 on my SII. I did the same tests and the codes were blocked! So, yes, Samsung did fix the dialer in Touchwiz. The test on this site still shows the IMEI, so that code seems to be whitelisted.

I'm quite impressed with the speed with which Samsung fixed this...

Ran the test on my Sprint Samsung SII Epic Touch which is running 4.0.4 the FH13 build and nothing happens, so I guess I am safe.

Webpage not available

The webpage at tel:*%2306%23 might be temporarily down or it may have moved permanently to a new web address.

Suggestions:

Make sure you have a data connection
Reload this webpage later
Check the address you entered

what does this mean, i have SGS2 with jelly bean 4.1.1 RR by westcrip

TESTED on threee (3) phones:

Phone 1
Galaxy Nexus: Stock 4.1.1 (Jelly Bean), yakju version of phone:

Result: Dialer appears and the input field is populated with *#06# but it stops
there, no IMEI is ever presented.

Same behavior with Stock browser, Chrome and Dolphin browsers.

Phone 2
Nexus One: with Cyanogenmod -7-20120902-NIGHTLY-passion.

Result: Dialer appears, the input field is populated with *#06# and IMEI IS
PRESENTED.

Phone 3:
Galaxy S I9000: with Cyanogenmod-9-20120727-NIGHTLY-galaxysmtd

Result: Dialer appears, the input field is populated with *#06# and IMEI IS
PRESENTED.

Wonder what are Cyanogenmod comments about this... and wonder what is the extent of the threat...danger... Even if there is no actual vulnerability now...it this an open door to it?

Sprint Epic 4G Touch with Calkulin's GB ROM and Dolphin Browser: vulnerable.

Grumble grumble. Not cool, Samsung. Not cool.

Samsung Galaxy Note still with the exploit, yet this morning on the phone with Samsung, Samsung denied any exploit and told me that if my imei number popped up on the androidcentral USSD exploit test, then I should not use this website anymore. HUH................................

Made me laugh.

People, I am not going to read all 141 comments. I did read a few dozen though. If you feel you may be susceptible, simply use a third party dialer. Like this one here (which I also happen to like much better) in GO Contacts EX, by the GO Dev Team > http://bit.ly/W0DKmB

Problem solved. Patches are already being pushed out.

yes, third party antivirus solutions for android are already releasing standalone apps designed to tackle this issue.

I have a Galaxy Apollo and was affected. Thanks to a friend have downloaded Dialer One, so hopefully will be okay now :)

Tested with my Samsung Focus running Windows Phone 7, with a disturbing result. It opens a window asking to verify the number *#06# and a button that says "Call"... it's not a stretch to assume someone could be tricked into pressing "call".

I guess it's not just Android Samsung phones...

Sim Free S2 on Vodafone. Yes vulnerable, and but lookout warned me. So at least I got a warning. Thanks Jerry.

Run the test and appear to be vulnerable (sght989d/galaxys2xtelus) running ics and kies says its current.

"we recommend using a third-party dialer like Dialer One, and setting it as the default dialer until all this has blown over."

Did that too, but as I'm still a noob to android, how do i set it as default dialer?

Dagnabit! I had to do some phone gymnastics before I could test honestly. My antivirus, Webroot SecureAnywhere Complete, popped up its dialer shield, this danger warning Red page saying essentially, STOP, but does allow overrule. Who would overrule this warning which seldom happens. I had to disable that. Then when I took the test again, it offered me choice of stock dialer or the one I installed to replace the stock. I tried the one I installed to replace the stock dialer, the exploit didn't work. I then tried next test the stock dialer, the IMEI code was displayed. I use the DW Contacts & Phone & Dialer to replace the stock.

In my family we use Webroot SecureAnywhere Complete, protects 3 desktops and two Android phones, and some other kin and kith use Lookout, paid version, and they all, ones I've talked to so far have protection from it. They all use dialers other than the stock per my advice for performance and features.
I assume, from some statements here, and personal contacts, that many, if not most, security suites for Android protect against this exploit.

Though my phone is open to this exploit, my configuration and security is such that I feel secure from it.

YES Thank you! Stock and Chrome both came up blank. Then again any time AVG comes up with a warning about a site I RUN FOR THE HILLS. T-Mobile Galaxy S2 SGH-T989 Running stock ICS 4.0.4

Please help. I moved from iPhone world to awesome android and it's only been 5 days and I seem to have 'Security Policy Update' in the notification bar that I can't get rid of. Once clicked, my Samsung galaxy s4 will look for server settings to connect but fails every time. It's been on my notification from the last 2 days. Any help would be greatly appreciated.

Posted via Android Central App