top | item 4569833

(no title)

tomscott | 13 years ago

Hello. I'm the guy who put this collection together. I've since tried to update it, and to hit 'delete' on it to avoid spreading misinformation, but Exquisite Tweets is still caching the original version. Mea culpa: I didn't do the research before passing it on.

There's been a lot of back-and-forth over whether it's true or not (check @pof's timeline for such), and a hell of a lot of people sending it on without double-checking. Myself included.

There is clearly a big security bug here (see the video linked), but it's extremely questionable as to whether it can be activated from a web page or whether it requires a bit of social engineering too!

[Edited to add: and just as I write this, @jwheare has cleared the cache and fixed the bug in Exquisite Tweets. Hopefully that should nip this in the bud.]

discuss

forgotusername|13 years ago

I tried reproducing it using a "USSD" that works on my venerable Nexus One (radio debug - * # * # 4636 # * # *), but on entering dialler app the input box is empty. This might simply mean the debug activity was started and got focus before the dialler app had its focus set, so if another such code triggered factory reset, might definitely still work.

jrabone|13 years ago

I wrote a trivial webpage (using the show IMEI USSD * #06#), served from my desktop with Lighttpd. It certainly can be executed via a simple web page using a frameset on both Chrome & Browser, and there's no prompt. Works on a Huawei running 2.3, a Galaxy S2 running ICS, and an HTC.