The Galaxy Nexus, Nexus 4, and Nexus 5 can be forced to reboot or lose their network connection if an attacker sends a large number of Flash SMS messages to them, PC World reports.
by Desiree Everts DeNunzio
November 29, 2013 12:47 PM PST
(Credit: Josh Miller/CNET)
Google’s latest Nexus smartphones are vulnerable to an attack in which someone could force the phones to reboot or lose their network connection by sending them a large number of a certain kind of SMS message, according to PC World.
Bogdan Alecu, a system administrator at Dutch IT services company Levi9, reportedly found that the vulnerability can occur when an attacker sends about 30 so-called Flash SMS messages — messages that appear immediately on the phone’s screen on arrival — to the Galaxy Nexus, the Nexus 4, or the Nexus 5.
If the messages aren’t promptly dismissed, it opens the phones up for attack.
Alecu plans to present his findings Friday at the DefCamp security conference in Bucharest, Romania.
NSA spy games targeted World of Warcraft
LG behind new Google Nexus 10, says leak
Google TV redo might be tagged ‘Nexus’
Quick and simple time-saving tips for the Nexus 7
Android 4.4.1 brings better photos to Nexus 5
One of the problems Nexus users face is that they won’t be automatically alerted with an audio tone when a Flash SMS message is received, which could allow an attacker to send a lot of them quickly before they’re noticed or dismissed, PC World reports.
According to Alecu, the SMS overload can result in several issues, including the phone rebooting, which is the most likely outcome. In that case, if a PIN is required to unlock the SIM card, the phone won’t connect to the network after rebooting.
Another problem that can occur is that the messaging app crashes, but the system then automatically restarts it.
Alecu told PC World that while the issue appears to affect the latest Nexus smartphones running Android versions Ice Cream Sandwich through KitKat, it hasn’t worked on other phones he’s tested.
We’ve reached out to Google for comment on how the company plans to address the issue and will update this post when we learn more.
Alecu told PC World that he reported the issue to Google, but that it hasn’t yet been addressed.