USSD attack not limited to Samsung Android devices, can also kill SIM cards
A variation of the recently disclosed attack that can wipe data from Samsung Android devices when visiting a malicious Web page can also be used to disable the SIM cards from many Android phones, researchers say.
Ravishankar Borgaonkar, a research assistant in the Telecommunications Security department at the Technical University of Berlin, recently demonstrated the remote data wiping attack at the Ekoparty security conference in Buenos Aires, Argentina.
The attack can be launched from a Web page by loading a "tel:" URI (uniform resource identifier) with a special factory reset code inside an iframe. If the page is visited from a vulnerable device, the dialer application automatically executes the code and performs a factory reset.