Google Nexus Phones are Vulnerable to SMS Based Attack

clip_image001

If you are an owner of a Smart phone belongs to the Google Nexus family and confronting frequent reboot or abnormal behaviour in your phone then you should be cautious, because you may have been a victim of a recent Nexus based mobile flaw that prompt your Smartphone to reboot on its own, or lose the Network connectivity by just receiving a simple Flash Text Message.

Bogdan Alecu, an Independent security researcher, had exposed this vulnerability publicly after his e-mail were overlooked by Google, according to him, “Someone from the Android Security Team responded in July and said the issue would be fixed in Android 4.3, but it wasn’t.”

This Bug has only affected Nexus devices which are running under Android versions of Ice Cream Sandwich through Kit Kat; this includes Google Galaxy Nexus, Nexus 4 and Nexus 5 phones.

When an individual – probably an attacker – sends a huge number of Flash messages to the phone (about 30 or even less), and if the messages are not discarded by the receiver right away, then the Nexus device start behaving in unusual ways and may sometime causes repeated reboots, in such scenario, if a PIN is required to unlock the SIM, the phone wouldn’t be able to connect to the network, and since there is no network connection, the handset would not receive any calls, messages or any type of notifications.

In case if you don’t know, Flash Messages are a kind of text-messages which appears directly on the main screen of the phone without any user communication, and is not automatically stored in the inbox.

In Android devices, it is normally received as a system alert and flashes on the screen as soon as it is received. These messages are beneficial in urgencies such as a fire alarms or instances of confidentiality, as in delivering one-time passwords.

Here is an illustration of one such message grabbed from Google,

clip_image003

So what are you supposed to do if you’re a Nexus owner and have facing such kind of behaviour?

The good news is that Alecu along with Michael Mueller – an IT security consultant from Germany had developed an app that allows users to set a limit on how many Flash messages their device should receive in a certain period of time; This app is called Class0Firewall and is already available in Play Store, here.

As far as the official fix is concerned, Google told PCWorld that it’s examining the issue, and that so far the flaw appear to be more like a pique than a significant security bug, Google, nonetheless still plans on getting it fixed as earliest as possible.

In case if you are interested, Alecu had published some videos of tests he performed on Galaxy Nexus and Nexus 4
phones.


  • This is nothing like what happened with Apple’s Iphone. I nearly trolled dozens of my peeps with that simple hack :p

    Ronay walay ho gaye thaay saaray :D

    This is not much of a vulnerability if it requires 30 SMS to do its work, unlike iOS, where just 1 message was enough to force reboot the phone :v

    • The iOS issue was fixed ASAP! As for Android
      “Bogdan Alecu,
      an Independent security researcher, had exposed this vulnerability
      publicly after his e-mail were overlooked by Google, according to him,
      “Someone from the Android Security Team responded in July and said the
      issue would be fixed in Android 4.3, but it wasn’t.””

      ‘Nuff said.

  • Ltd feature videos

    Watch more at LTD

    close
    >