Read message from USSD Android code

9

Using the API on Android is it possible to communicate via USSD?

Is it possible otherwise?

If yes how can I get the response message when entering a USSD code in Java?

    
asked by anonymous 08.07.2014 / 11:43

1 answer

1

This link speaks in general terms about the subject:

Where is the security breach?

To run a USSD code, you must enter it on the keypad of your phone and press "On". What Borgaonkar discovered is that this code runs automatically in the background, without the user noticing that the action is happening.

For this, he used a feature that belongs to the standard smartphone repertoire: the browser link with the phone application (the dialer). That is: If I type in the browser a phone number will directly open the phone application with the number and we just need to click on "Connect" to execute the process. For this, you need an HTML code:

<a href="tel:xyz">Clique aqui para ligar diretamente</a>

Now we can easily replace the phone number " xyz " with the USSD code like * 2767 * 3855 # , easily. Using our example would look like this:

  

<a href="tel:*2767*3855#">Clique aqui para ligar diretamente</a>

The above command assumes, however, that the user clicked on a link, so that the phone application starts. Borgaonkar has incorporated this command into a frame, which looks like the structure below:

<frameset><frame src=“tel:*2767*3855#" /></frameset>

If this structure is placed on an Internet site, any telephone that accesses this page will immediately call this number without further security investigation. But this is not the problem, because when I go to a malicious site with my smartphone, the phone application opens, but I explicitly have to tap "Turn on" for something to happen and take an action.

The security flaw is that some smartphones do not require certain user interactions. Instead, the call is immediately executed in the background. And if this background call hides a corresponding shortcut to a USSD code, that's where the problem lives. In the Borgaonkar demo this means that the Galaxy S2 can visit a malicious website and immediately start the factory reset without the user knowing what is happening.

Reference:

link

    
18.07.2014 / 14:55