How to tell if your Samsung phone is vulnerable to today's USSD hack

There's a lot of confusion as to exactly which Samsung phones are affected by today's big scary USSD vulnerability, which could cause some phones to factory reset themselves upon visiting a malicious web page. Some Galaxy S2 and S3-class phones are susceptible, others less so. In some cases it depends if you're running the latest firmware or not. In others, there's no patched firmware available yet.

Samsung will surely be hard at work rolling out fixes for devices that remain susceptible, but in the meantime we've got a quick, easy to tell if your phone is at risk, without taking the plunge and running the malicious code itself. Find out more after the break.

First off, note that today's glitch only affects Samsung phones. Our testing method may produce different results on other manufacturers' devices, but it's important to remember that it's impossible to use this exploit on a phone that's not running Samsung's TouchWiz software. Also, note that we don't see any secret information from your phone during this test. If in doubt, right-click and check the source code to see exactly what we're doing. It's a pretty simple test.

With that in mind, head to this page on your Samsung phone's stock browser. You'll find it at androidcentral.com/ussd-test

With this page loaded on your phone, simply click the button in the embedded area below to see if your Samsung phone is at risk. The test works by trying to direct you to a benign USSD code, specifically, the one that displays your IMEI (or MEID on CDMA phones) on your screen -- nothing malicious. If you're using a Samsung phone and a window pops up showing your IMEI/MEID number, you're likely vulnerable. If your dialer just loads up showing either nothing, or *#06# in the number read-out, you should be safe.

If the test suggests you're vulnerable, we'd advise you update your firmware to the latest version. If your phone's latest firmware version is still affected, we recommend using a third-party dialer like Dialer One (opens in new tab), and setting it as the default dialer until all this has blown over.

Let us know how you get on down in the comments. Safe browsing, everyone!

Alex was with Android Central for over a decade, producing written and video content for the site, and served as global Executive Editor from 2016 to 2022.

158 Comments

May not be vulnerable to the exploit, but the link does pop up my IMEI on my international HTC One X. So at least some portion of the code works to do some USSD operations remotely on other than samsung phones.
Yeah, that's an old Android bug. It should be fixed in ICS, but I guess HTC didn't get the memo :) The fact that there's not a USSD code to reset your phone on non-Samsung devices means there's no real malicious application for this on the One X.
I ran the test on my original Galaxy S (Epic 4g) running CM 9, and it showed my MEID.
HTC phones don't use the same code to do factory reset
Doesn't mean you can find the phone modem form the headers and then determin the reset code.
Verizon running unlocked bootloader, rooted, factory ROM. Dialer appeared, but no IMEI.
Same setup and same results. Latest modem firmware (VRLG7).
And my Nexus One. But then, its not ICS.
not touchwiz
Does anyone know if Lookout will help fight off this exploit? IMEI comes up on AT&T Galaxy S2 Skyrocket running ICS. :-(
Yeah running official stock ICS 4.0.4 on my Galaxy S II LTE in Canada on Rogers (same phone as the Skyrocket basically) and my IMEI popped up in the dialer plain as day. Argh!
AT&T Samsung Galaxy S III with STOCK / I747UCALH9 .. Dialer appeared, NO IMEI :)
+1
same here!
Samsung Galaxy Note, dialer appeared but no IMEI.
Stock Sprint Galaxy SIII running LG8 - Dialer popped up with "#06#" appearing for a split-second, then just the dialer (no IMEI window).
+1 And I understand the language of "probably" okay, but not definitely. If nothing else than for legal purposes. I also use Dolphin and a little Opera, so I'm betting I'm shielded, but I'm still gonna be more careful about what sites I visit until we get some kind of update.
On my Samsung Galaxy Note the Dialer Appeared with the IMEI using both the stock browser and Chrome. This is on a Rooted Official ICS ROM. Might be switching to a CM9 or CM10 soon....
VZW Rooted/Unlocked stock VRALF2................ Quick someone get a condom!!!!!!! Need a shot of AOSP STAT. Will someone please make the dock audio out work.
So your IMEI showed up on LF2?
I feel so dirty... It popped up my MEID. Edit: Note:running VRLG7 Baseband.
mine did, i am on Beanstown b11 which is baseband I535VRLF2
Got the blank dialer on my VZW stock S3.
Gnex. Running asop jro03r. Dialer pops up with *#06#. Press call and get Verizon error message.
Link can't be clicked on international galaxy s2 running ICS 4.0.3, i assume my device is safe
Bell S3 I got a blank dialer.. Everything looks good here
I clicked the link and got the dialer with the *#06# showing. The number then disappeared leaving the blank dialer showing. I refreshed the site and clicked on the link again and just a blank dialer appeared. No pop-up.
Same here... What that means in terms of this issue? I get *#06# and then it disappeared with just the numbers left on the screen. No IMEI pop-up.
Note on ICS - got the IMEI.
Same exact thing here!
Note on Cyanogen Mod 9. - got the IMEI
Rooted GS2 Epic 4G on sprint running ICS shows MEID on the dialer. Both stock browser and ICS Browser+.
Sprint Epic Touch (SG2) running latest official Sprint firmware for ICS.
Popped up a MEID # when I tested it, is this the same as IMED? Guessing I may be vulnerable....
Yeah, MEID is the CDMA equivalent of IMEI. And yeah, unfortunately it looks like you're vulnerable.
T-Mobile SGS3, updated to build IMM76D.T999UVALH2, totally stock/not rooted - dialer appeared, no numbers showed at all.
+1 exact same here.
Just tested on Sprint Samsung Galaxy S2 on Android version 4.0.4 and it did show my IMEI number....yikes!!!!
I'm using an International version of S3.
I tested, and the dialer came up, but there was nothing else.
Verizon S3 stock. First time I clicked the dialer showed up with *#06#, the second time and in Chrome the first time my IMEI number showed up.
Edit: first try blank internet page, refreshing the page shows the IMEI
I have a Samsung galaxy s2 for t-mobile. And it's good. I only get the dial screen. Ics 4.0.4
I'm on the same provider and same phone but not ICS and the IMEI popped up for me but... on the page it was blocked by some frame issue. I actually had to click on the link within the error frame which I could not widen nor make longer. Anyhow. I'm gutted.
The dialer does pop up with my IMEI number on my Galaxy S2 (International/Danish version). Most disturbing is that it also happens in the other three browsers I tested - Chrome, Boat, ICS+. Wasn't this supposed to be a stock browser vulnerability only?
Stock Sprint GS3 Running LI3 shows blank dialer. Tested both stock browser and Chrome. Hope I'm safe ;-P
I'm reading the comments, and it seems to be affecting the USA/Europe version of devices?
imei showed up on my s2 ICS on bell
Blank dialer on Verizon stock S3
Mine popped up, so what do I do now?
Samsung Vibrant shows IMEI. Can't believe that SAMSUNG will do anything to improve the VIBRANT.
T-Mo S3, no IMEI shown.
just tried it on my international s3 running ics... shows dialer and *#60# for split second but no imei number so hopefully this means am ok... will stick to my current firmware until this is fixed
AT&T official ICS, rooted (not that it probably matters). Dialer and IMEI...guess I better be careful till this is resolved?
S3 with Polish JB rom, dialer shows but no imei.
If this is a Touchwiz exploit, will replacing the launcher with something like Zeam, ADW or GoLauncher patch it up?
No. TouchWiz is more than a launcher. You'll want to run a third-party dialer app if you're worried about this, as the vuln lies in the TouchWiz dialer.
But it's more than Touchwiz though as some HTC phones have this issue, and they don't run Touchwiz. It's and Android issue, not Samsung or just Touchwiz.
Verizon SIII stock...MEID popped up.
Codename: Android ROM 3.6 VZW GNex. got the #06# crap. No IMEI.
I'm safe, running the Sprint GS3 stock with the Google Now hack. No Root... Just did the test and the dialer came up blank, nothing happened .
It showed my IMEI on my AT&T Galaxy Note on a rooted Stock ROM, but I never use the stock browser so I'm not worried about it.
Vulnerability is in the dialer, not the browser.
Samsung Galaxy Note on Bell Canada is safe...
Found a way to be safer, instal an other dialer on your phone i.e. Go dialer, it will prompt you to choose a dialer if ever you fall on a malicious web page
So here's an intresting wrinkle...I have several different dialer programs. Before the code would run, it prompted me to choose a dialer. It will only work with the stock dialer.
ATT Galaxy Note with running ICS gets the imei with both stock browser and Chrome
dialer blank on att sgs3 rooted latest I747UCLH9.
otherwise CWM ready to install any cm10 based or AOKP or whatever i find in XDA. :)
S2 Skyrocket, IMEI and dialer shows, rooted running CM9 :'-(
s3 here with ics on att, I747UCLH9 just the blank dialer appears.
Same phone, galaxy S2 international GT9100, dual boot:
CM9 23/09/2012 nightly got imei on chrome and stock, opera would not open the link
AOKP JB build 3, only stock browser, got code in dialer no imei JB is the answer then?
If you're not running a TouchWiz ROM, you don't need to worry about this. The nasty part of this problem -- the part that factory resets your phone -- is in TouchWiz, not Android.
My T Mobile UK S3 running latest firmware is OK.
Stock JB on Sprint GNex brought up *#06#. I thought the GNex didn't have TouchWiz and wouldn't be vulnerable...what the $%&@!!!
It isn't vulnerable. The test doesn't apply to non-TouchWiz devices. Ignore the results. You're fine :)
Thanks Alex...freaking out there for a moment :)
You should be safe. The dialer needs to show your MEID or IEMI to be vulnerable.
Galaxy note, AT&T, ICS. Imei number pops up on stock and chrome browser.
Where and how do I do a firmware update?
So... I clicked the link on my Bionic and it did launch the dialer and a pop-up with both my MEID HEX and DEC. What does this mean?
Nothing, because it's not a Samsung phone. You're fine.
The exploit of being able to run USSD codes directly from a webpage is now clearly an wider Android issue not a Samsung issue, the Samsung problem is there is a USSD code that resets the device. Which hopefully doesn't exist in other manufacturers phones. So far the Samsung patched S3 and the Galaxy Nexus are the only phones I've seen not pop up with the IMEI when I've tried to exploit them. HTC One X and Sony Xperia both autodial the *#06# rather than show the code in the dialler meaning some other USSD code could be executed without user intervention.
Rooted Baseband version I747UCLEM.....got the dialer AND IMEI #.
Now what!!!!!
Update your firmware.
Sweet! Dialer, no IMEI. SGS3
MEID show's up on stock Verizon Galaxy S3. I downloaded Dialer One until firmware is upgraded, however I'm unsure how to set it as the default dialer on the S3. Any help greatly appreciated!
I'm running CleanRom 2.1 on my Verizon galaxy s III and when I click the link my meid shows up.
Verizon GSIII running 4.0.4 with latest firmware. Using the chrome browser, the AC link opened my dialer and the *#06# flashed and then went away, leaving my dialer open but blank, and the MEID did not appear. Same thing happened using the stock browser. When I manually entered *#06# into the dialer it did bring up my MEID. So....yeh....
Manually entering the code will always bring up your MEID. As long as it didn't show it automatically when you clicked the link, you're good.
Yeah, I knew the manual entry would bring it up, I just wanted to see it happen, but thanks anyway.
How likely is it do you think that Samsung will bother patching the Fascenate, Vibrant, and other Galaxy S 1 variants ? I'm honestly curious ... still have my Fascenate but haven't used it in ages.
Thanks for helping calm our paranoia, Alex. It's appreciated.
Well I pro formed the rest on my verizon galaxy nexus and my dialer showed up with *#06# in there. No imei or need number appeared during the test.
Samsung Infuse with GB and I got the IMEI I am using Go Launcher, Go Dialer, etc..
Galaxy Note N7000 running GingerBread XXLA4. Dialer brings up IMEI. So I would be vulnerable except that first a screen pops up asking me if I want to send the call to GrooveIP or the Dialer. I am unlikely to ignore that popup :)
GS3 up to date on Sprint and just shows blank dialer.
Good to go!
Captivate Glide. I guess the UCLH2 ICS upgrade that crippled the keyboard backlight at least did something right, because the dialer launches but it is blank -- no IMEI window and no "*#06#" ready for dialing.
Hmm. Ran the link on my rooted stock GB Galaxy Note, and it showed the IMEI. That's a worry, but thankfully I don't use the stock browser at all.
CM10 on Jelly Bean for Galaxy S2 (AT&T) using Dolphin (I deleted all other browsers from my phone) Propmted me which dialer I wanted to use (exDialer or Phone (stock)). If I chose stock it just shows the *06# code and does nothing. If I chose exDialer it shows my IMEI. Basically, if a website prompts my phone program as to which one to use I'm not picking any.
Galaxy S Captivate with CM9.1.0-captivatgemtd IMEI displayed. Not Touchwiz, so does this mean I'm not vulnerable? Normally I use Chrome or Dolphin, not the stock browser. Does anyone still use that?
I wonder if crApple had something to do with this.....?
I am surprised no one tested this on a Galaxy Tab 7.7, seeing that it also functions as a phone with dialer and such. Clicking on the link, my international ICS Tab 7.7 with latest firmware opened the dialer AND popped up the IMEI (twice!). I guess this could explain my Tab's random restart? (Tab restarted itself randomly without any user input. It would suddenly turn on the screen and go through the boot up process!)
I have tested the Tab 7.7 (stock HC), using my own test with different (harmless) codes, and codes that the SII executed, were blocked by the 7.7. Afterwards I have updated the SII to stock 4.0.4 and it is now also blocking these codes in my tests.
(I'm not talking about this site's test; there the IMEI popu does appear)
My Cappy running stock GB is vulnerable:(
Installing Dialer One as we speak!!
Well at least I have a good excuse for getting a Galaxy S III now.Schwheatness
My Galaxy Tab 2 10.1 (international with dialer) did *not* display the IMEI using either Chrome or native browser.
i have the samsung 2 epic 4g and my IMEI showed up with the dialer......it also said the firmware was up to date......oh wat do i do now?!
My Sprint E4GT came up as vulnerable. :/ Now I have installed Dialer One since I was already familiar with the program from my Hero anyways. Hopefully Sammy gets this sorted out quick.
International note running stock rooted ics lrq. Stock kernel. No imei, just blank dialer.
Shows up on Epic 4g Touch running FH13 ICS
Rugby Smart on AT&T. IMEI popped up. Update available. Updated and no more IMEI.
Running a stock Samsung Galaxy S Glide on Rogers in Canada. The test website causes my IMEI to popup. Hooray! I have a f**king security hole the size of a moon crater phone. Definition of awesome, thanks Samsung, thanks. :( Guess I'll have to hold out for the update...oh, wait, my phone is orphaned by both the manufacturer and the carrier. No hope for an update before hell freezes over. Darn. Methinks I'll be calling Rogers tomorrow and breaking my contract. It's the only way to get out and buy something else...an iPhone 5 perhaps.
Then its time for you to go the Custom ROM way! :D CM for the win!!
S3 running latest Samsung dev jelly bean update, only the dialer pops up. No IMEI and no number waiting to dial
Verizon S3 running LG7, the most recent update. All I got was the dialer and it was empty.
GT-I9300, running 4.0.4. Dialer pops up - no IMEI / other number on the dial pad.
Dialer only on my wife's Galaxy S III, but dialer and IMEI on my Atrix 4G. Go fig...
stock 4.0.4 ... VRLG7 VZW SIII no dialer, no IMEI had an update pushed to me yesterday about noon. 8)
CM9 latest build running Touchwiz UX (SGS3 Version). Pops up the dialer and shows my IMEI! :|
Galaxy S3 XEO JB Safe ^^
Tried it and got *#06#! Thank God for that but hope that Samsung resolve this quickly.
Stock international note got blank dialer, no imei
Confirmed MEID and dialer shown on SPRINT GALAXY S2
Just read that this app on google play is a short term fix https://www.androidcentral.com/e?link=https2F2F... Is it worth installing? Be nice if you guys could do a post on it, as to whether we should install or not. Thanks
Hope that edify exploit does not bypass the menu that asks which browser to use to complete the action.
international galaxy s2 on stock ics 4.0.3, imei popped up. feeling paranoid.
Samsung Galaxy Appeal (AT&T Go Phone) is vulnerable -- the test displays the IMEI, if you use the stock browser. Using Opera Mobile on the same phone produces an error message from the browser -- it doesn't even launch the phone dialer, so at least that could be a workaround.
On my International SGS III I have installed AppLock, and when i click on the link on my stock browser, before my dialer pops up, App Lock shows up asking for unlocking code. I guess this can stop all this?
Can I just stay off the internet and I'll be fine? WHEN WILL THIS BE FIXED! ATT SGS2 and got the IMEI!!!!!!
The problem is not only on phones, it also occur on Samsung Android tablets: http://www.appsandroid.dk/joomla/nyheder/diverse-android-nyheder/956-din...
geez am i the only one with this phone? tmobile blaze 4g - IMEI popped up
Sprint S3 I got a blank dialer.. running build number IMM76D.L710VPALG8.
Looks good to me. There is nothing to worry about :)
I have a stock Samsung Galaxy S Epic 4G and my MEID number shows up. Do you think Samsung will fix a phone that old? With Sprint still selling one (plus I sold one from my store the other day) this still would affect people for a year or two.
I thought my Galaxy S2 would have been affected but thankfully it will survive. (T-Mobile model. SGH-T989). ICS 4.0.4 :-)
At&t galaxy s3 and the imei number popped up.... Checked for update and says I have none...
AT&T Skyrocket Vulnurable.
I do not agree with the test. It is using a very useful code, which the dialer may choose not to block. Yesterday I had stock ICS 4.0.3 on my Samsung Galaxy SII and tested links with a different code. The code executed. I tested my Galaxy Tab 7.7 with stock HC and the code didn't execute. I used several codes and checked that they would execute if I entered them manually in the dialer. Today I have stock ICS 4.0.4 on my SII. I did the same tests and the codes were blocked! So, yes, Samsung did fix the dialer in Touchwiz. The test on this site still shows the IMEI, so that code seems to be whitelisted. I'm quite impressed with the speed with which Samsung fixed this...
Ran the test on my Sprint Samsung SII Epic Touch which is running 4.0.4 the FH13 build and nothing happens, so I guess I am safe.
I ran it on my Epic 4G Touch running FH13 and I still got it? Mind retrying?
Tried it twice just to be sure and it did not come up. Some may and some may not have it happen.
I'm running CyanogenMod 9 on my HTC Rezound. Pulls up my MEID.
He said that non-Samsung phones aren't affected by the exploit, no matter if your MEiD comes up or not.
Webpage not available The webpage at tel:*23 might be temporarily down or it may have moved permanently to a new web address. Suggestions: Make sure you have a data connection
Reload this webpage later
Check the address you entered what does this mean, i have SGS2 with jelly bean 4.1.1 RR by westcrip
TESTED on threee (3) phones: Phone 1
Galaxy Nexus: Stock 4.1.1 (Jelly Bean), yakju version of phone: Result: Dialer appears and the input field is populated with *#06# but it stops
there, no IMEI is ever presented. Same behavior with Stock browser, Chrome and Dolphin browsers. Phone 2
Nexus One: with Cyanogenmod -7-20120902-NIGHTLY-passion. Result: Dialer appears, the input field is populated with *#06# and IMEI IS
PRESENTED. Phone 3:
Galaxy S I9000: with Cyanogenmod-9-20120727-NIGHTLY-galaxysmtd Result: Dialer appears, the input field is populated with *#06# and IMEI IS
PRESENTED. Wonder what are Cyanogenmod comments about this... and wonder what is the extent of the threat...danger... Even if there is no actual vulnerability now...it this an open door to it?
Sprint Epic 4G Touch with Calkulin's GB ROM and Dolphin Browser: vulnerable. Grumble grumble. Not cool, Samsung. Not cool.
Make sure you turn on NFC before running this test. Wifh NFC features turned off all appears weill.
Samsung Galaxy Note still with the exploit, yet this morning on the phone with Samsung, Samsung denied any exploit and told me that if my imei number popped up on the androidcentral USSD exploit test, then I should not use this website anymore. HUH................................ Made me laugh.
People, I am not going to read all 141 comments. I did read a few dozen though. If you feel you may be susceptible, simply use a third party dialer. Like this one here (which I also happen to like much better) in GO Contacts EX, by the GO Dev Team > https://www.androidcentral.com/e?link=https2F2F... Problem solved. Patches are already being pushed out.
yes, third party antivirus solutions for android are already releasing standalone apps designed to tackle this issue.
I have a Galaxy Apollo and was affected. Thanks to a friend have downloaded Dialer One, so hopefully will be okay now :)
Samsung galaxy S2 with CM10: dialer pops up with *#06# in the number readout.
Tested with my Samsung Focus running Windows Phone 7, with a disturbing result. It opens a window asking to verify the number *#06# and a button that says "Call"... it's not a stretch to assume someone could be tricked into pressing "call". I guess it's not just Android Samsung phones...
Sim Free S2 on Vodafone. Yes vulnerable, and but lookout warned me. So at least I got a warning. Thanks Jerry.
Run the test and appear to be vulnerable (sght989d/galaxys2xtelus) running ics and kies says its current. "we recommend using a third-party dialer like Dialer One, and setting it as the default dialer until all this has blown over." Did that too, but as I'm still a noob to android, how do i set it as default dialer?
it showed the imei. looks like I won't be using the stock dialer.
My US cellular S3 is safe! Glory hallelujah!
The "Avast! Mobile Security" app block these kind of problems. :D http://s9.postimage.org/5fmnbbem5/capture_02.png
Dagnabit! I had to do some phone gymnastics before I could test honestly. My antivirus, Webroot SecureAnywhere Complete, popped up its dialer shield, this danger warning Red page saying essentially, STOP, but does allow overrule. Who would overrule this warning which seldom happens. I had to disable that. Then when I took the test again, it offered me choice of stock dialer or the one I installed to replace the stock. I tried the one I installed to replace the stock dialer, the exploit didn't work. I then tried next test the stock dialer, the IMEI code was displayed. I use the DW Contacts & Phone & Dialer to replace the stock. In my family we use Webroot SecureAnywhere Complete, protects 3 desktops and two Android phones, and some other kin and kith use Lookout, paid version, and they all, ones I've talked to so far have protection from it. They all use dialers other than the stock per my advice for performance and features.
I assume, from some statements here, and personal contacts, that many, if not most, security suites for Android protect against this exploit. Though my phone is open to this exploit, my configuration and security is such that I feel secure from it.
YES Thank you! Stock and Chrome both came up blank. Then again any time AVG comes up with a warning about a site I RUN FOR THE HILLS. T-Mobile Galaxy S2 SGH-T989 Running stock ICS 4.0.4
Am I blind or I can't find the button?
Samsung Galaxy Note running Android 4.1.2 Jelly Bean Official ROM
Please help. I moved from iPhone world to awesome android and it's only been 5 days and I seem to have 'Security Policy Update' in the notification bar that I can't get rid of. Once clicked, my Samsung galaxy s4 will look for server settings to connect but fails every time. It's been on my notification from the last 2 days. Any help would be greatly appreciated. Posted via Android Central App
Hi after *#06# it shows my imei number /1 what does this mean?? Am I bugged or what?? Help please thanks
What does it mean when you get your IMEI number and 0/1 ?

Show more comments

Get the Android Central Newsletter