Hacker News new | past | comments | ask | show | jobs | submit login

Here's a safe version of the exploit that displays your IMEI: http://kristofferR.com/samsung.html

Check the html in your desktop browser first, for all you know I might as well be a malicious douchebag.

The exploit seems to require a stock Samsung Galaxy dialer, works fine on my cheap Samsung Galaxy Y but not on my friend's modded S3 with a vanilla Android dialer.




Or you could have a script that, when notices the user agent to not be mobile, shows the IMEI version, but otherwise shows the reset version :P


Except there is no javascript on that page. They could do the same thing server side though


There is no reason to assume that "script" means javascript or client-side script.

(Perhaps the comment was edited after you suggested the correction)


no script required...apache has a setenvif module that can do a special action based on browser, refer, ....


Doesn't work on my Galaxy Nexus, stock 4.1...


Hm, _does_ work on my GN, stock 4.0.4.


2nd


Works on GN stock 4.1 too


To people reporting that this works on other devices such as HTC phones, this doesn't mean your phone is vulnerable: First, the hash-star code to display the IMEI number is standard, while the reset code is device specific. Second, as I understand it the problem with the Galaxy S3 is that it doesn't ask for user confirmation after the reset code is entered.


Can anyone confirm that this is not only a safe USSD, but that it triggers the exploit? I am not an owner of a S3, but would love to be able to help show some of my non-tech friends whether they are vulnerable to this or not


I've tested this using both a galaxy S2 and S3. On the S2 the above page is safe and triggers the exploit to view the IMEI. On the S3 it launches the dialler however, the dialler is empty and does not display the IMEI.

After investigating further, the S3 does not launch codes that begin with * # but will trigger the factory reset code which is in the format of * 1234 * 1234 #

Edit: Those with an S3 can confirm this by visiting http://no.tl/s.html in which I've embedded * 1234 * 1234 # (which is not the reset code, but is the same format)


Works on a stock Galaxy S2 with Samsung ICS, and a random stock HTC (colleague's phone). Triggers IMEI display via dialer from both Chrome and Browser :(


It looks like it does not work. It opens telephone keyboard on my S3, but except that nothing happens. EDIT: i'm using Jelly Beans


It is safe, and on my stock international S3 with Chrome as the browser it opens the dialer and displays my IMEI number, as advertised.

It seems to me that there's no reason at all to allow URI's beginning with tel: as the source of a frame. Surely that's a fair limitation?


The approach of prompting the user "Do you want to call this number?" is far simpler and safer. After all, you could probably use tel: links or tel: redirects or something if the frame didn't work.


Confirmed on a Samsung Droid Charge running a rooted version of the stock Verizon EP4 release of Android 2.3.6 Gingerbread.


Opera mobile asks for confirmation before loading the frame.


I opened it in my desktop firefox and it showed «Sent to phone» notify of firefox2phone plugin which uses chrome2phone protocol.


Right now, the frame's source is tel:*%2306%23


Yup. %23 makes the #-sign, making the number *#06# which is the default IMEI code on most phones out there.


Yeah, doesn't exploit my Galaxy Nexus, though.


Works fine on older Samsung Galaxy Y Pro, the budget touch-screen/keyboard (i.e. BlackBerry form-factor with touch) phone.


Displayed my IMEI on an HTC Legend circa 2010, with Cyanogen 7.1, just to add to the data.


Same for HTC Desire Cyanogen latest 7.2


"Web page not available" using Browser on SK17i running CM9.1.0


Works on a Verizon Thunderbolt running Cyanogenmod


Works on my HTC Evo Shift with Cyanogen mod 7.2


safe version confirmed to work for HTC Desire


Works on Nexus One 2.3.6 as well.


Works on HTC Bravo with CM7.1.0


Works on stock Galaxy Note too




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: