It is nothing new that Android apps are a constant target of cyber criminals. Reports of fake apps that contain malware appear all the time, and it is not possible to cover every one of them. This post is about a vulnerability that allows a malicious app to interfere with your calls: place a phone call, send MMI or USSD codes, or hang up an ongoing call.

This vulnerability was reported to Google by researchers from the German security firm Curesec, who claim in their blog post that the same vulnerability was also reported to Google last year.

What is the BUG?

Normally, an Android app does not have permission to access your calls or call-related systems, but according to the researchers, they were able to abuse the bug to do the following:

  • Terminate a Call
  • Dial an unwanted number
  • Send USSD Code

Things to Worry About:

Well, a terminated call may be tolerable at times, BUT because the vulnerability also allows calling any number, malware can call a premium-rate number that costs more than normal rates, and in the end you find your phone bill with a long list of unwanted calls.

The list of USSD/SS/MMI codes is long and there are several quite powerful ones like changing the flow of phone calls (forwarding), blocking your SIM card, enabling or disabling caller anonymisation and so on, the researchers write.

Affected Versions:

| Version | SDK | Status         |
|---------|-----|----------------|
| 4.1.1   | 16  | Vulnerable     |
| 4.1.2   | 16  | Vulnerable     |
| 4.2.2   | 17  | Vulnerable     |
| 4.3     | 18  | Vulnerable     |
| 4.4.2   | 19  | Vulnerable     |
| 4.4.3   | 19  | Not Vulnerable |
| 4.4.4   | 19  | Not Vulnerable |

Is My Device Vulnerable?

If you want to find out whether your Android device is affected by this vulnerability, the research team has also provided source code and a proof-of-concept demonstration app, but use them at your own risk :)

The researchers' full documentation of this vulnerability is available here.


