Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | The Best Holiday Gifts | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Top News Stories

author photo

Android Hack Can Erase All Data From Your Phone

by on September 28, 2012
in Phones and Mobile, News, Blog :: 14 comments

Heads up if you own an Android smartphone: A nasty attack has surfaced that can erase all the data on your phone—contacts, photos, everything—with a line of code hiding in a website you visit or one delivered via text message, NFC tag or QR code.

It comes via a special URL with a “tel:” prefix. If you tap on such a link, it can, in some cases, send an Unstructured Supplementary Service Data (USSD) code to your phone and initiate a factory reset, just as if you had keyed the code yourself.

Normally, people tap these USSD codes into their phones to do things like display an International Mobile Equipment Identity (IMEI) number or to perform a factory reset. But a website that can communicate with your phone and initiate them without your involvement is a scary prospect, indeed.

While first it was thought the hack only worked on Samsung phones, it’s been verified to work on other types as well, including an HTC One X, a Motorola Defy and reportedly a Sony Xperia Active.

One way to find out if your phone is vulnerable is to load this website—http://dylanreeve.com/phone.php—into your phone’s web browser.

If doing so causes your phone's dialer app to display *#06#, rest assured. But if the dialer provides you with a 14- or 16-digit number—your IMEI number—there’s a chance your phone could be attacked.

Developers are already coming up with free apps that guard against this hack. One that works is Bitdefender USSD Wipe Stopper, which you can get free at the Google Play store.

And of course, always make sure to use a good mobile security app on your phone. I reached out to several companies that provide antivirus solutions for phones and asked if their products protect against this kind of attack. Only Lookout Mobile Security (free in Google Play) replied in the affirmative. Kaspersky Mobile Security replied in the affirmative ($14.95 in Google Play) [UPDATE: Kaspersky now says their mobile security app does not protect against this type of threat].

A spokesperson from McAfee said its products don’t currently protect against this type of hack. [UPDATE: McAfee now has a free app to protect against this type of vulnerability called McAfee Dialer Protection.] Norton was unable to provide an answer before this story went to post.
 



Discussion loading

gravatar

android hack

From Karen DeYoung on October 01, 2012 :: 12:43 pm

I did the test and got the ok response. But the Techlicious site says my phone did not pass. Also now when I try to get to Apps on my phone, I get the message that there is no connection with the server. What do I do now?

Reply

avatar

Can you clarify?

From Suzanne Kantra on October 01, 2012 :: 1:18 pm

If the test here http://dylanreeve.com/phone.php says you passed, what do you mean that Techlicious says it didn’t pass? We don’t do any testing on Techlicious, just direct you to the test link.

For your other issue, that sounds like an unrelated connection issue. Make sure you have your cellular data and/or WiFi turned on. And try turning your phone off and on again to reset your connection to the network.

Reply

@android hack

From Dan Yedinak on October 01, 2012 :: 3:45 pm

Are you talking about the image in the post? Specifically, the image found here : http://www.techlicious.com/images/phones/Bitdefender-hack-protection.gif )

Reply

gravatar

android hack

From Karen DeYoung on October 01, 2012 :: 7:52 pm

yes

Reply

Not to worry

From Dan Yedinak on October 02, 2012 :: 3:38 pm

Aha! That explains it, then. smile
The picture is just an example of what you could see. It’s not an actual test, so it is nothing to worry about. Consider yourself safe. smile
Hopefully your separate Apps issue has also found a solution.
Prost!

gravatar

New to Android

From Skinni on October 02, 2012 :: 7:46 am

I currently do not have an Android phone but have put one on layaway.I am not very cell phone savvy.  Is there anything I can do to protect my phone’s contents before I actually use it. Like with computers we put virus protection before anything else.

Reply

Android Reset Hack

From Guy Fulfer on October 02, 2012 :: 1:26 pm

I use Avast Anti-Virus Free Mobile for Android on my Samsung S2 and it WAS protected against this hack (at least according to the test website result) Just wanted to let others know that Avast also protects against this attack. 
Great article by the way!!
-=Guy=-

Reply

gravatar

Thanks

From Aplicativos Para Android on October 16, 2012 :: 12:03 am

Thanks for letting us know Guy!

Reply

gravatar

McAfee also offers free check tool and app

From Lianne on October 10, 2012 :: 3:56 pm

McAfee Dialer Protection now available on Google Play.

To check if your Android phone is vulnerable: https://www.mcafeemobilesecurity.com/dialer-protection/

Reply

nice

From Momo Levi on December 11, 2012 :: 12:56 pm

nice article

Reply

gravatar

Can you direct me to

From Firas on September 08, 2013 :: 5:09 pm

Can you direct me to that website that sends this link?
dose it delete all the data on the phone?

Reply

This is the link to

From Guy Fulfer on September 10, 2013 :: 1:39 am

This is the link to test your Android device, and it (the test) does NOT delete your info on your device. (Link and info taken from the above article)

http://dylanreeve.com/phone.php

“One way to find out if your phone is vulnerable is to load this website— http://dylanreeve.com/phone.php —into your phone’s web browser.

If doing so causes your phone’s dialer app to display *#06#, rest assured. But if the dialer provides you with a 14- or 16-digit number—your IMEI number—there’s a chance your phone could be attacked.”

Hope that helps you!!! By the way if you find that you are not protected, I suggest you try Avast’s Mobile Security for Android. I use Avast in all my devices and have for several years now and it’s NEVER let me down!!! It’s FREE too!! (I am in no way affiliated with Avast other than being a very satisfied user of their products) 

Here is a link to Avast Free Mobile Security for Android

http://www.avast.com/free-mobile-security

Good Luck!!  -=Guy=-

Reply

gravatar

post browsing message recieved as the mentioned web adress browsed

From JANAN on October 21, 2016 :: 7:01 pm

I browsed the website http://dylanreeve.com/phone.php on my samsung galaxy core2 and it replied

” Your connection is not private”
” attackers might be trying to steal your information from dylnareeve.com(for example,password,messages or credit cards.)”

Can some one expert respond about this.Will be heartfully thankful for the help.

Love you all for making globe like globale home where family assisting each others,

regards,
janan

Reply

gravatar

info

From jacob williams on October 27, 2016 :: 11:42 pm

Informative ideas . my family earlier today made use of https://goo.gl/EYJrmr to modify pdf - It’s kind of simple to get the hang of and it’s excellent . I saw on the website they will give a free trial now

Reply

© 2015 Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

site design: Juxtaprose