Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google Nexus phones vulnerable to denial-of-service attack via Flash SMS messages

Lucian Constantin | Dec. 2, 2013
Attackers could force phones from Google's Nexus line to reboot or fail to connect to the mobile Internet service by sending a large number of special SMS messages to them.

A second attempt with the screen locked also failed to reboot the phone because only two of over 20 messages were immediately received. This may have been caused by a network issue or operator-imposed rate limiting. The messages did arrive later and the phone rebooted when unlocking the screen.

Alecu said that he discovered this denial-of-service issue over a year ago and has since tested and confirmed it on Google Galaxy Nexus, Nexus 4 and Nexus 5 phones running various Android 4.x versions, including the newly released Android 4.4, or KitKat.

Around 20 different devices from various vendors have also been tested and are not vulnerable to this problem, he said.

This doesn't exclude the possibility that some devices from other vendors are vulnerable, but so far it has only been confirmed on the previously mentioned Google Nexus phones.

Alecu claims he contacted Google several times since he found the flaw, but mostly got automated responses. Someone from the Android Security Team responded in July and said the issue would be fixed in Android 4.3, but it wasn't, Alecu said, adding that this contributed to his decision to disclose the problem publicly.

"We thank him for bringing the possible issue to our attention and we are investigating," a Google representative said via email.

In the absence of an official fix, Alecu worked with Michael Mueller, an IT security consultant from Germany, to create an application that can be used to block this kind of class 0 SMS denial-of-service attack.

The app is called Class0Firewall and is already available in Google Play. It can be used to configure a threshold for received class 0 messages, after which all subsequent messages are blocked for a period of time chosen by the user.

Because the attack causes the messaging app to crash and the phone to reboot, it suggests that something really bad happens inside the phone's memory, Mueller said via email. The bug should be further investigated to see if it can also lead to code execution, he said. "I see this as a serious vulnerability that has to be fixed by Google."

"Bogdan [Alecu] came up with the idea and asked if I could develop an app that prevents the class 0 messages from entering the device and thus prevent the denial-of-service attack," Mueller said. "He told me about his discovery and we came to the conclusion that it would be good to have a free app available at the time the vulnerability is made public to enable people to protect themselves from such an attack."

Alecu already published some videos of tests he performed on Galaxy Nexus and Nexus 4 phones.

 

Previous Page  1  2 

Sign up for MIS Asia eNewsletters.