<p>It turns out that the "Dirty USSD" exploit demonstrated yesterday on Samsung devices affects all Android devices running anything below Android 4.1.x aka Jelly Bean.</p><p>Just to recap, the exploit (disclosed by researcher Ravi Borgaonkar at Ekoparty in Buenes Aires) uses the Android dialer to automatically "call" a USSD code (no user permission required!); the code can be spread through legit-looking URL, an NFC attack, or a malicious QR code.</p><p>The most threatening USSD code, a factory reset, was specific to Samsung TouchWiz phones and has already been disabled by Samsung. However, there are many other USSD codes that work on different Android devices, though viaForensics's Ted Eull said they aren't so easy to find.</p><p>At first we thought the vulnerability involved a combination of the Android dialer and the stock browser, but turns out it has nothing to do with the browser. Mobile security consultancy viaForensics was able to replicate the exploit with Firefox and Dolphin browsers, and concluded that the problem is just the Android dialler.</p><p><a href="http://securitywatch.pcmag.com/none/303186-my-android-device-is-vulnerable-to-a-dirty-ussd-hack-now-what">Keep reading...</a></p><p>Read also:</p><p><a href="http://afr.com/f/free/technology/digitallife/nasty_bug_wipes_android_phones_r6H3V82AK35WwJ9X4tVaRI">Nasty bug wipes Android phones</a> (The Australian Financial Review)</p><p><a href="http://www.itworld.com/security/298784/ussd-attack-not-limited-samsung-android-devices-can-also-kill-sim-cards">USSD attack not limited to Samsung Android devices, can also kill SIM cards</a> (ITworld.com)</p><p><a href="http://www.examiner.com/article/some-android-phones-vulnerable-to-remote-wiping-due-to-dialer-behavior">Multiple Android phones vulnerable to remote wiping, due to dialer behavior</a> (Examiner.com)</p><p>Explore: <a href="http://news.google.com/news/more?pz=1&ned=us&ncl=dc_NjYPrZ55sNUMBRailnS8edyqYM">39 additional articles.</a></p>