Google Nexus phones are vulnerable to rebooting via SMS attack

Google Nexus phones are vulnerable to rebooting via SMS attack
A vulnerability has been found that seems to only affect Google Nexus devices, although it isn't exactly all that serious of a vulnerability. The issue was found by Bogdan Alecu, a system administrator at Dutch IT services company Levi9, and presented at the DefCamp security conference in Bucharest, Romania today. The issue can lead to Nexus phones rebooting via an SMS attack.

The issue is caused by Class 0 SMS, or Flash SMS, which is a type of message that is immediately displayed on screen on top of all other apps until the user dismisses or saves it. Alecu showed that on the Galaxy Nexus, Nexus 4, or Nexus 5 running Android 4.x is vulnerable to rebooting or freezing if about 30 of these SMS messages are received and not dismissed quickly enough. Luckily, that's really the worst that can come of the vulnerability and none of your data can be compromised. 

And, there are also a number of apps (including one made by Alecu himself) that can help you limit the number of Flash SMS messages that will be accepted by your device, which can help you to avoid the issue. Alecu tested the attack on about 20 non-Nexus devices and none showed the same vulnerability. Alecu found the issue about one year ago and has tried to contact Google a number of times regarding the flaw, and received a response claiming that the issue would be fixed in Android 4.3, but it wasn't. When PCWorld contacted Google for a comment on the story, a Google representative said, "We thank him for bringing the possible issue to our attention and we are investigating."

source: PCWorld

FEATURED VIDEO

14 Comments

1. AfterShock

Posts: 4146; Member since: Nov 02, 2012

They would need to know your phone number and to know you have a nexus for this to work... Seems like it's not much of an issue.

14. jos_031

Posts: 62; Member since: Jun 12, 2012

trolling my house mate sending flash message to his nexus 5 after aeeing the news

2. dratomic

Posts: 483; Member since: Oct 09, 2013

aha. i didnt know why i dont like nexi until i saw this!!

3. AfterShock

Posts: 4146; Member since: Nov 02, 2012

Fall down the stairs much as a child?

6. Finalflash

Posts: 4062; Member since: Jul 23, 2013

No, the way he's talking I think the case is of him being pushed down the stairs....alas all attempts failed to yield a permanent solution to the problem of his existence.

10. AfterShock

Posts: 4146; Member since: Nov 02, 2012

I had never considered that angle. That made me chuckle. +1

4. zekes

Posts: 230; Member since: Aug 14, 2012

Oh no more security issues not surprised this is the freedom of open source you could have any virus on your phone for free

5. blazee

Posts: 414; Member since: Jan 02, 2012

read the article before posting

7. sprockkets

Posts: 1612; Member since: Jan 16, 2012

OK MR HOLLISTER MODEL

11. AfterShock

Posts: 4146; Member since: Nov 02, 2012

The potential really is for malware, which is a sideload issue, which all are susceptible to really there Skippy. Honestly your the type I'd suspect of getting a virus if not protected from your usage/habits.

12. sprockkets

Posts: 1612; Member since: Jan 16, 2012

He's more susceptible to the viruses transmitted through other means...

8. Joshing4fun

Posts: 1244; Member since: Aug 13, 2010

I'm not even sure what this means so I'm not too worried.

9. Tsoliades

Posts: 228; Member since: Dec 22, 2012

Basically, if you know how to do it, you can send a few texts to a Nexus phone and freeze it. Not a big deal.

13. cripton805

Posts: 1485; Member since: Mar 18, 2012

Basically if you have jerks for friends, they can spam you with 30+ flash messages and freeze/reboot your phone. I say that because it would have to be someone you know since this only works on Nexus devices. People arent going to send texts to random numbers wondering if they have a Nexus. Not much of a prank if it doesnt work.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.