If you have a smartphone running on Android version 4.1 or earlier, then you may be vulnerable to the USSD hacks on malicious webpages and QR codes. Some of these malicious webpages have links with tel: protocol that can be used to dial numbers when a user clicks on them. Although these special URI’s are designed to make it easy for the users to call phone numbers on various webpages (for example, in the contact information of a company’s site), some of the attack sites can use them to make you dial harmful USSD codes to erase your system memory or factory-reset your smartphone.
The USSD codes are usually smartphone specific and are also useful when accessing the mobile service provider features. Typical USSD codes start with an asterisk and have multiple hashes (#) and asterisks (*) in them. For example, *123#, *367*11#, *#06# etc.
If you own a smartphone with Android 4.1 or earlier, then you can protect yourself from malicious USSD codes by using the free Avira USSD Exploit Blocker app. After the installation of the app, you can see the instructions in the app interface. There is nothing much else in this app interface.
But when you scan a malicious QR code using your smartphone camera, or tap on a malicious link (with tel: protocol) that launches a USSD code, then Avira USSD Exploit Blocker shows up on your screen. It allows you to open that USSD code either through the Avira USSD Exploit Blocker or through your phone. You should choose to open it through the Avira USSD Exploit Blocker and select Always in the options for permanent protection.
The next time you happen to come across such USSD codes, it will automatically block that USSD code and show the information about the blocking along with the USSD code itself. In the following snapshot, it has blocked the popular *#06# USSD code which displays the IMEI code of your phone and is not harmful.
Though Avira USSD Exploit Blocker stops the USSD codes from being launched through malicious QR codes and URI links on webapges, it does not stop you from entering the USSD codes yourself on your mobile phone.
Conclusion: The Avira USSD Exploit Blocker stops the malicious USSD codes, embedded inside QR codes and specially designed links on attack webpages, from being executed. If you are running Android version earlier than the version 4.1, then this app is a must for your smartphone.
You can download and install Avira USSD Exploit Blocker from https://play.google.com/store/apps/details?id=com.avira.android.telblocker.