ID: IRCNE2013112027
Date: 2013-11-30
According to “CNet”, Google's latest Nexus smartphones are vulnerable to an attack in which someone could force the phones to reboot or lose their network connection by sending them a large number of a certain kind of SMS message.
Bogdan Alecu, a system administrator at Dutch IT services company Levi9, reportedly found that the vulnerability can occur when an attacker sends around 30 so-called Flash SMS messages -- messages that appear immediately on the phone's screen upon arrival -- to the Galaxy Nexus, the Nexus 4, or the Nexus 5. If the messages aren't promptly dismissed, it opens the phones up for attack. Alecu plans to present his findings Friday at the DefCamp security conference in Bucharest, Romania.
One of the problems that Nexus users face is that they won't be automatically alerted with an audio tone when a Flash SMS message is received, which could allow an attacker to send a lot of them quickly before they're noticed or dismissed, PC World reports.
According to Alecu, the SMS overload can result in several issues, including the phone rebooting, which is the most likely outcome. In that case, if a PIN is required to unlock the SIM card, the phone won't connect to the network after rebooting. Another problem that can occur is that the messaging app crashes, but the system then automatically restarts it.
Alecu told PC World that while the issue appears to affect the latest Nexus smartphones running Android versions Ice Cream Sandwich through KitKat, it hasn't worked on other phones he's tested.
- 3