自我檢測Android漏洞 - Android

By William
at 2012-09-27T16:02

Table of Contents

前幾天在三星Galaxy設備上發現的「初始化」漏洞的影響範圍正在進一步擴大。

根據測試小組目前掌握的情況，該漏洞並不是三星TouchWiz定製UI所造成的。因為他們發
現運行Sense 4.0界面的HTC One X以及運行CyanogenMod的摩托羅拉設備也都出現了這一
問題。另外，運行Android 2.2操作系統的HTC Desire部分機型同樣包含這一漏洞。

同時，測試小組為了幫助安卓手機用戶鑑定自己的手機是否存在該漏洞，還特意放出了一
個檢測網址（http://dylanreeve.com/phone.php）。用戶在檢測時，首先需要用手機的
瀏覽器訪問這個網址，如果手機存在這一漏洞的話，那麼在訪問這個地址後將會自動顯示
手機的15位IMEI號碼。

另外，測試小組表示截至目前還沒有特別有效的方法來堵住這個漏洞。因此，建議用戶在
官方發佈安全更新之前先使用第三方瀏覽器軟件，因為這些軟件通常不具備直接處理這些
特殊字符串的權限。

方法:
(1)用手機瀏覽器連至此網址（http://dylanreeve.com/phone.php）
(2)如果馬上彈出14或15位的IMEI碼，表示你中獎了，
(3)如果只是彈出打電話畫面且上面顯示*#06#(部份手機不會顯示)，
代表你手機無此USSD漏洞

http://dylanreeve.posterous.com/remote-ussd-attack
此網頁有說明一些防止方法，目前4.1不會有事，部份4.0.4機型會中

--

Tags: Android

All Comments

By Damian
at 2012-09-28T18:47

中獎:o

By Ophelia
at 2012-09-30T17:00

....ArcS 2.3.4 root 未解鎖, 海豚瀏覽器中鏢..........

By Daniel
at 2012-10-01T12:48

S3彈出撥號介面但是沒有顯示*#06#

By Frederic
at 2012-10-02T02:33

有彈出*#06#，但是一下子就不見了。原生瀏覽器+firefox
S3 沒中

By Charlie
at 2012-10-02T03:34

SE Arc 沒事，出現 *#06#

By Dinah
at 2012-10-06T09:27

意思是說如果有中的話就要多裝一個撥號app 然後萬一上

By Joe
at 2012-10-08T17:53

SS Opera沒問題不過內建的有問題

By Brianna
at 2012-10-13T10:54

S2 4.0.4 LPQ 沒中獎

By Mason
at 2012-10-13T22:20

網的時候突然跳出選擇撥號APP的視窗的時候就表示受到
攻擊了取消掉就沒事了是嗎？

By Oscar
at 2012-10-14T15:34

其實按確定也沒關係拉就是跳出IMEI而已
現在的情況是三星的問題比較嚴重可以引起factory reset
其他家的會不會就不知道了

By Ida
at 2012-10-16T20:44

XP沒事 Operamobile/mini firefox 原裝都沒事

By Caroline
at 2012-10-19T05:26

Xperia S沒事XDD

By Ophelia
at 2012-10-23T00:56

http://tinyurl.com/cklcry8 主要的差異是三星的會直接

By Charlotte
at 2012-10-23T13:06

SS毒蛇1.3.5中標.....

By Poppy
at 2012-10-24T05:29

S2原裝海豚都中獎......

By Delia
at 2012-10-27T00:01

S3 4.1原廠遊覽器沒事！

By Poppy
at 2012-10-28T11:24

不詢問factory reset （抖）

By Bethany
at 2012-10-31T03:08

S1 Pass

By Carol
at 2012-11-01T21:10

SE NEO 4.0.4 原生瀏覽器 PASS

By Kelly
at 2012-11-03T00:50

剛剛才去爬R大的文章之後就懂了

By Heather
at 2012-11-05T19:34

爽爽aec2 沒事

By Robert
at 2012-11-07T21:32

SS Chrome中獎

By Wallis
at 2012-11-11T09:54

Sensation 4.0.3 中獎...

By Vanessa
at 2012-11-12T09:28

DHD刷Kent4.2 原廠瀏覽器中獎 Opera Mobile沒事

By Franklin
at 2012-11-14T15:20

pass~~~acro s

By Carolina Franco
at 2012-11-17T21:54

j原生+酷龍中獎

By Faithe
at 2012-11-20T06:13

DHD R6中…這目前有辦法防堵嗎

By Belly
at 2012-11-22T11:57

XP 沒事

By Andy
at 2012-11-26T18:29

Defy+ QissMe Opera沒有原生瀏覽器有

By Caroline
at 2012-11-28T15:56

DHD可以考慮直接刷成4.1的ROM

By Iris
at 2012-11-28T23:29

這個嚴重的點是甚麼＠＠？

By Daph Bay
at 2012-12-03T01:20

我剛剛輸入後跳到撥號畫面然後IMEI碼也有出來
這是代表中獎了嗎 orz

By William
at 2012-12-04T18:11

tab2 4.04 安全

By Necoo
at 2012-12-05T11:54

YA S2 原生ROM 4.0.4 LPQ - SAFE !

By Anonymous
at 2012-12-08T21:09

原生好像都會中，我覺得這根本是瀏覽器的漏洞

By Dorothy
at 2012-12-10T06:08

note 海豚中了= = 所以中了會怎樣嗎..

By Noah
at 2012-12-14T17:17

SE Arc S/4.0.3/已root/chorme/pass/測試完當機

By Emma
at 2012-12-19T09:55

XS&XP 原生safe

By Elma
at 2012-12-20T21:36

LG P920沒中

By Elizabeth
at 2012-12-22T16:51

LG P500刷cm7 nightly也中…orz

By Zenobia
at 2012-12-24T18:42

s3 沒中吧，只跳出撥號畫面XD

By Jacky
at 2012-12-25T23:00

Moto Razr沒事

By Queena
at 2012-12-26T12:07

用opera開沒事…真的是原生瀏覽器問題

By Callum
at 2012-12-28T23:32

S2 刷Rootbox1.8(4.0.4) ICS+ browser中獎...

By Emily
at 2012-12-31T08:43

note換了opera後沒有跳出撥號畫面了..

By Suhail Hany
at 2013-01-05T01:51

s2刷機4.0.3LPG opera沒事海豚跟原生都中

By Vanessa
at 2013-01-07T22:24

one S 中標

By Audriana
at 2013-01-12T07:47

三星的手機是會直接恢復原廠.其他家不會所以說嚴重嗎...

By Isabella
at 2013-01-15T02:08

可能要等駭客開發

By Olivia
at 2013-01-18T10:11

有鈦備份之類的軟體其實倒也不會太嚴重

By Edith
at 2013-01-21T03:19

onex中標@@

By Mia
at 2013-01-25T06:02

SS Chrome 原生中獎

By Belly
at 2013-01-28T12:45

S3沒中獎

By Emma
at 2013-01-28T23:27

i9103 4.0.4 lq9 沒事

By George
at 2013-01-30T10:38

onex中!

By Heather
at 2013-01-31T01:42

note 4.0.4 海豚及原廠browser safe

By Caitlin
at 2013-02-01T10:05

one s, gg

By Xanthe
at 2013-02-05T06:09

S2 4.0.4 root 原生 chrome 海豚沒事

By Eden
at 2013-02-06T04:12

Xperia S with KA13.1 Xperia SSpeed 無事 ~ XD

By Jacky
at 2013-02-07T13:58

lt28h ICS 沒事

By Madame
at 2013-02-10T05:22

有彈出但沒跳出IMEI

By Xanthe
at 2013-02-12T21:11

TAB2 7.0

By Blanche
at 2013-02-13T09:26

原生和firefox都一樣

By Edwina
at 2013-02-15T19:46

one s 原生、Chrome都中標

By Sierra Rose
at 2013-02-20T04:16

原廠瀏覽器有事，Opera Mobile沒是

By Sierra Rose
at 2013-02-21T15:51

desire 刷MildWild CM 4.3 海豚、原生瀏覽器都中獎囧

By Agatha
at 2013-02-24T01:52

原廠瀏覽器我是跳出要使用哪個撥號app開啟
點其中一個就會出現imei
又一次驗證Opera的強大(?)

By Elvira
at 2013-02-25T08:04

中獎昨天才剛刷机

By Joseph
at 2013-03-01T08:57

S2 4.0.4LPP 只出現撥號盤，沒有*#06#，這樣算是？

By Dorothy
at 2013-03-03T20:50

P990 原生瀏覽器中獎

By Hardy
at 2013-03-05T04:08

Xperia P升級ICS 4.0.4 安全

By Freda
at 2013-03-07T00:58

ME865 正常~

By Necoo
at 2013-03-08T04:20

Desire 刷 RSK S.E. 原生browser 中獎

By Erin
at 2013-03-11T08:48

Defy+ CM10 原生沒中 Opera和Chrome應該不用測了XD

By Rae
at 2013-03-14T14:41

IS 原廠瀏覽器中!

By Skylar Davis
at 2013-03-16T13:36

s2 4.0.4 正常

By Zenobia
at 2013-03-19T22:57

看來USSD的漏洞HTC比較嚴重...?

By Christine
at 2013-03-21T21:37

GN 4.1.1 正常 (原生瀏覽器)

By Queena
at 2013-03-26T07:45

se st15i pass

By Megan
at 2013-03-31T06:20

SS毒蛇1.3.5中獎XD

By Delia
at 2013-04-05T03:14

DHD jelly time 安全

By Liam
at 2013-04-05T23:30

i9103原生中標，用opera沒跳出

By Vanessa
at 2013-04-06T07:09

S2 4.0.4 沒有跳出任何東西! 安全:)

By Edith
at 2013-04-10T15:51

arc 4.0.4 無root 原生瀏覽器 pass

By Franklin
at 2013-04-14T21:03

IS 4.0.4 原廠 Chrome 海豚全中

By Selena
at 2013-04-17T14:43

padfone+chorme中了

By Emma
at 2013-04-20T18:51

moto Atrix 原廠2.3.3 中了..

By Candice
at 2013-04-22T04:35

野火S 原生 root 2.3.5 中

By Lydia
at 2013-04-25T15:07

ion lt28i 2.3 safe

By Lily
at 2013-04-25T23:03

SE Arc 2.3.3 原生瀏覽器【中鏢】

By Ingrid
at 2013-04-28T19:06

1X chrome 中了

By Skylar Davis
at 2013-04-29T09:53

S3沒中!

By Susan
at 2013-04-30T03:29

neo 2.3.4 root 海豚沒事

By Xanthe
at 2013-05-01T17:07

one x 原生中

By Belly
at 2013-05-02T05:45

MOTO RAZR MAXX 中T.T

By Margaret
at 2013-05-02T18:36

Motorola Atrix 原廠 2.3.4 Oprea 中

By Caitlin
at 2013-05-02T22:49

Opera

By Ula
at 2013-05-04T15:03

S3 沒事

By Catherine
at 2013-05-08T14:14

換成OPERA只跳出網頁頁面沒到撥號頁面@@

By Joe
at 2013-05-13T08:01

SS XE 原廠 2.3.4 原生瀏覽器中

By Frederic
at 2013-05-13T12:38

XE 原生跟chrome都中...

By Anonymous
at 2013-05-15T01:23

GN刷codename，用firefox跟原廠都會跳到撥號介面出現*#06#
但不會出現imei碼.

By Caitlin
at 2013-05-15T09:52

Xperia ray/CM9.1/Chrome 中獎

By Ina
at 2013-05-17T12:11

asus padfone 原生瀏覽器也中獎～

By Emma
at 2013-05-20T20:43

EVO 3D 原生 Chrome 海豚都中獎

By Frederica
at 2013-05-24T06:52

SS中了.......2.3.5 沒刷

By Delia
at 2013-05-28T00:46

Desire CM7中獎...>_<

By Jacky
at 2013-05-31T19:46

Moto atrix USA version jackpot.

By Todd Johnson
at 2013-06-01T19:00

SE ArcS / 4.0.4 / 已root / 原生瀏覽器 / 沒事

By Carolina Franco
at 2013-06-04T17:33

s2 2.3.5 中獎..

By Oscar
at 2013-06-06T16:25

DHD沒中

By Frederica
at 2013-06-09T09:12

原生&chrome有跳選擇撥號程式用內建的會跳IMEI,另外裝的no

By Linda
at 2013-06-12T08:22

MOTO RAZR XT910 原廠2.3.6 用內建瀏覽器中獎

By Andy
at 2013-06-14T00:55

使用Opera Mobile沒事

By Hamiltion
at 2013-06-14T10:20

Xperia Pro 4.0.4 root 內建瀏覽器沒事

By Queena
at 2013-06-15T02:58

LG4XHD 原廠瀏覽器無root 沒事 ^^

By Elma
at 2013-06-16T22:22

SE neo v 4.0.4 root GC/FF開第一次顯示中獎第二次就safe...

By Heather
at 2013-06-18T12:44

歐版one s 用chrome 中…

By Skylar DavisLinda
at 2013-06-21T21:04

padfone 海豚瀏覽器跟原生瀏覽器都中...

By Jessica
at 2013-06-25T12:22

lg lte2 沒事

By Quanna
at 2013-06-26T11:43

one x本來有刷狂大更新（XDA也有）就正常了

By Thomas
at 2013-06-28T07:20

S3 沒事

自我檢測Android漏洞 - Android

All Comments

Related Posts

app不能安裝ˊˋ

acer A510與Galaxy Tab 2 10.1那個CP值高

XP剛ROOT完要如何用國外GOOGLE PLAY

刷過的機子,回復預設內容的方法

刪除Widget