Ladybug Mobile Tech
http://dylanreeve.posterous.com/remote-ussd-attack
rbbrittain responded:
https://play.google.com/store/apps/details?id=org.mulliner.telstop
http://dylanreeve.posterous.com/remote-ussd-attack
rbbrittain responded:
Actually, as long as you do NOT set a default dialer ANY app with a tel:
URL handler (i.e., TelStop or ANY secondary dialer) should at least
minimally work. The pop-up ALONE prevents the URL from working
automatically; simply back out of the pop-up and you're safe. (DO NOT
select any vulnerable dialer in the pop-up, stock OR secondary; TelStop
is OK as long as it's NOT the default.) OTOH, if you DO set a default
dialer it MUST handle USSD codes like Dialer One.
https://play.google.com/store/apps/details?id=org.mulliner.telstop
