Google Nexus phones vulnerable to rebooting through SMS related DoS attack

Google Nexus phones vulnerable to rebooting through SMS related DoS attack

Ice Cream Sandwich and KitKat, including Nexus smartphones may be forced to restart via an attack of sending thirty SMS class 0 or flash SMS.

System Administrator at Dutch society Levi9, Bogdan Alecu is also an independent security researcher in his free time. He just uncovered a vulnerability affecting all versions of Android 4.x Ice Cream Sandwich Nexus smartphone. Nexus 5 is no exception.

This vulnerability could be exploited when sending thirty SMS class 0. Otherwise known as flash SMS, it comes to messages that are displayed directly and immediately on the screen of the device. They are not stored in the device memory or the SIM card and do not generate an audio alert. They are deleted after viewing by the user.

Since there is no notification sound, an attacker can quickly send several SMS flash before a user noticing. Such flow can result in malfunction of the Nexus phone. The main symptom is a reboot. If so, whether a PIN is required to unlock the SIM card, the smartphone will not connect to the network after restart.

Other symptoms include temporary loss of connection to the wireless network, application crash message, etc. Significant and reassuring point, it is not possible to operate a remote code execution. Essentially, it is a problem and denial type of service issue.

Bogdan Alecu tested the vulnerability on devices other than the Nexus. They are not vulnerable. He says that he contacted Google several times but the problem has not been solved. The discovery of the Romanian security researcher, however, allowed the creation of an application called Class0Firewall. Available on Google Play, it provides protection against a flash SMS attack.

Download Class0Firewall from here.


Please enter your comment!
Please enter your name here