Security researcher Bogdan Alecu discovered a vulnerability that exposes Nexus devices to denial-of-service attacks based on a special type of SMS.
The issue was discovered by Bogdan Alecu, a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5. Alecu is presenting the vulnerability Friday at the DefCamp security conference in Bucharest, Romania.
Class 0 SMS, or Flash SMS, is a type of message defined in the GSM specification that gets displayed directly on the phone’s screen and doesn’t automatically get stored on the device. After reading such a message, users have the option to save it or dismiss it.
On Google Nexus phones, when such a message is received, it gets displayed on top of all active windows and is surrounded by a semi-transparent black overlay that has a dimming effect on the rest of the screen. If that first message is not saved or dismissed, and a second message is then received, the latter is placed on top of the first one and the dimming effect increases. When such messages are received, there is no audio notification, even if one is configured for regular incoming SMS messages. This means that users receiving Flash messages won’t know about them until they look at the phone.
Alecu found that when a large number of Flash messages—around 30—are received and are not dismissed, the Nexus devices act in unusual ways.
The most common behavior is that the phone reboots, he said. In this case, if a PIN is required to unlock the SIM card, the phone will not connect to the network after the reboot and the user might not notice the problem for hours, until they look at the phone. During this time the phone won’t be able to receive calls, messages or other types of notifications that require a mobile network connection.
According to Alecu, the vulnerability affects all recent Nexus smartphones, including the Nexus 5, running Android ICS and above. The researcher claims he alerted Google about the vulnerability a year ago, and while the company promised to patch it in Android 4.3, the issue is still present in KitKat. This may be a problem specific to Google’s phones: Alecu claims he tested around 20 non-Nexus devices from various vendors and found that none of them are vulnerable to this type of attack.
There are several apps in the Play Store that can send Flash SMS messages, including one made by Bogdan Alecu [Hush SMS]. The researcher also released a proof of concept app [Class0Firewall] that protects Nexus devices from the vulnerability he described.
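For defenders who can see incoming PDUs (a modem log or an SMS gateway, for instance), the sketch below shows how a Class 0 message is recognised and how a burst of them can be flagged. It is an added example, not code from this article or from Class0Firewall; the field layout follows 3GPP TS 23.040 and TS 23.038, while the sample PDU, the threshold and the time window are constructed assumptions.

```python
from collections import deque

# Constructed SMS-DELIVER PDU (not captured traffic): no SMSC info, sender
# +15555550100, TP-PID 00, a TP-DCS slot, a timestamp and the text "Hi".
PDU_TEMPLATE = "00040B915155550501F000{dcs:02X}3111922100000002C834"

def sample_pdu(dcs: int) -> str:
    return PDU_TEMPLATE.format(dcs=dcs)

def deliver_dcs(pdu_hex: str) -> int:
    """Extract the TP-DCS octet from a hex-encoded SMS-DELIVER PDU."""
    pdu = bytes.fromhex(pdu_hex)
    i = 1 + pdu[0]                     # skip SMSC length octet and SMSC address
    if pdu[i] & 0b11 != 0:             # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    oa_digits = pdu[i + 1]             # TP-OA length is counted in digits
    i += 3 + (oa_digits + 1) // 2      # first octet, OA length, OA type, digits
    return pdu[i + 1]                  # pdu[i] is TP-PID, next octet is TP-DCS

def dcs_message_class(dcs: int):
    """Return the message class 0-3 from TP-DCS, or None if none is indicated."""
    group = dcs >> 4
    if group & 0b1100 in (0b0000, 0b0100):   # general and auto-delete groups
        return dcs & 0b11 if dcs & 0x10 else None
    if group == 0b1111:                      # data coding / message class group
        return dcs & 0b11
    return None                              # e.g. message-waiting groups

class Class0BurstDetector:
    """Flags `limit` Class 0 messages within `window` seconds (assumed values)."""
    def __init__(self, limit: int = 10, window: float = 60.0):
        self.limit, self.window = limit, window
        self.seen = deque()

    def observe(self, pdu_hex: str, now: float) -> bool:
        if dcs_message_class(deliver_dcs(pdu_hex)) != 0:
            return False                     # ordinary SMS, not counted
        self.seen.append(now)
        while now - self.seen[0] > self.window:
            self.seen.popleft()              # drop arrivals outside the window
        return len(self.seen) >= self.limit

if __name__ == "__main__":
    det = Class0BurstDetector(limit=3)
    for t, dcs in enumerate([0x00, 0x10, 0x10, 0xF0]):
        print(t, hex(dcs), det.observe(sample_pdu(dcs), float(t)))
```

A limit well below the roughly 30 messages reported above leaves room to alert or drop before the device misbehaves.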
Thanks to PCWorld