The last three generations of Google Nexus smartphones are reportedly vulnerable to a mass SMS attack. According to PC World, it can cause a Nexus smartphone to typcially reboot or fail to connect to the mobile Internet service. The issue was discovered by Dutch IT services company Levi9’s Bogdan Alecu and affects the Galaxy Nexus, Nexus 4 and Nexus 5.
The attack is made up of a large number of Class 0 SMS messages. These Class 0 SMS messages are special in that they are displayed directly on the phone’s display without being saved. Typically, a user should be able to read the message and either save it or dismiss it. But should enough of these be received and not dismissed, they will simply stack one on top of another. According to Alecu, once 30 or so messages are received, the smartphone starts to behave erratically, most often simply rebooting.
Other observed behaviours include losing connection to the mobile network and messaging app crashes. It can also simply become responsive, requiring a manual reboot.
Alecu reportedly found the denial-of-service vulnerability over a year ago. He tested about 20 devices and found that only the Nexus smartphones appear vulnerable. He informed Google of the issue and was told that the issue would be fixed in Android 4.3. Unfortunately, it remains open even in Android 4.4 KitKat.
PC World reached out to Google and was told by a company representative that “We thank him for bringing the possible issue to our attention and we are investigating.”
Let’s hope that we soon see a fix for this issue. In the meantime, a Google app called Class0Firewall has been developed to address this issue based on a defense proposal developed by Alecu himself.
Sources : PC World // Class0Firewall