Ravi Borgaonkar, a communication security expert, demonstrated how one could use this newly discovered fault to disable an unsuspecting victim’s SIM card.
The attack is possible because of two major weaknesses found in many Android smartphones. First, the preinstalled QR code reader application does not ask whether you want to visit a scanned URL, so it can open a malicious website that can hurt your phone. Second, if your phone’s browser executes a USSD code embedded in a website, your phone is vulnerable to this attack.
Other ways of getting a USSD code executed on your phone without your consent are advanced text messaging and NFC media.
To see if your phone is vulnerable to such an attack, just scan the following QR code (beware: it will wipe your phone data!)
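One way to close both weaknesses at the point where a scanned or received link is handled, as an added example that is not code from the original article: never open a target automatically, and refuse dial links that carry a USSD code. It assumes the code reaches the dialer as a `tel:` URI; the names `dial_string`, `is_ussd_like` and `scan_policy` are hypothetical.

```python
import re
from urllib.parse import unquote

USSD_CHARS = set("*#")  # these make a dial string a USSD/MMI request
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")

def dial_string(uri):
    """Return the decoded dial string of a tel: URI, or None for anything else."""
    # Split by hand: urllib's urlsplit would treat '#' as a fragment marker
    # and silently drop the part of the code this check needs to see.
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    number = rest.split(";", 1)[0]      # drop tel: parameters such as ;ext=
    for _ in range(3):                  # undo nested encoding (%2523 -> %23 -> #)
        decoded = unquote(number)
        if decoded == number:
            break
        number = decoded
    return number

def is_ussd_like(uri):
    """True when the URI is a tel: link whose dial string contains * or #."""
    number = dial_string(uri)
    return number is not None and any(c in USSD_CHARS for c in number)

def scan_policy(payload):
    """Policy for a QR/NFC/SMS handler: 'block', 'confirm' or 'display'."""
    if is_ussd_like(payload):
        return "block"      # never hand a USSD/MMI code to the dialer
    if SCHEME_RE.match(payload.strip()):
        return "confirm"    # show the full target and wait for the user
    return "display"        # plain text: show it, open nothing

if __name__ == "__main__":
    # Constructed samples; *#06# only displays the handset's IMEI.
    for sample in ["tel:*%2306%23", "TEL:%2A%2306%23", "tel:+15550100",
                   "http://example.com/", "hello world"]:
        print(f"{sample!r:24} -> {scan_policy(sample)}")
```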