December 1, 2013
SMS Attacks Could Force Google Nexus Devices To Reboot
redOrbit Staff & Wire Reports - Your Universe Online
Reports have surfaced claiming attackers could force the most recent Google Nexus smartphones to reboot or lose their mobile Internet connection by sending a large quantity of one type of SMS message.
According to Lucian Constantin of IDG News Service, the vulnerability was discovered by Bogdan Alecu, a system administrator at Dutch IT services company Levi9. It apparently affects all Android 4.x firmware versions on the Google Galaxy Nexus, Nexus 4 and Nexus 5 devices.
Problems with the phone can arise after an attacker sends around 30 class 0 SMS messages, also known as Flash SMS, which appear on the phone’s screen immediately once they are received, explained CNET’s Desiree Everts DeNunzio. If those messages aren’t promptly dismissed, they can open up the device for attack, Alecu said Friday during the DefCamp information security conference in Bucharest, Romania.
“One of the problems Nexus users face is that they won't be automatically alerted with an audio tone when a Flash SMS message is received, which could allow an attacker to send a lot of them quickly before they're noticed or dismissed,” DeNunzio said. That means that the user could be unaware that he or she is receiving the messages, and if they pile up, they could result “in several issues,” the CNET reporter added.
Alecu told Constantin the most common outcome is that the phone reboots, and if that occurs and a PIN is required to unlock the SIM card, the phone will not connect to a mobile network following the reboot. During that time, the phone would not be able to receive calls, messages or other notifications requiring such a connection.
In some instances, the phone can also temporarily lose the mobile network connection without rebooting. While the connection is automatically restored and the device can handle incoming and outgoing calls, it will not be able to access the Internet over the network until the phone is restarted. On rare occasions, only the messaging app will crash. The software will be automatically restarted by the system and there is no lasting impact, he said.
“A live test at the conference performed on a Nexus 4 phone with the screen unlocked and running Android 4.3 did not immediately result in a reboot,” Constantin said. “However, after receiving around 30 class 0 messages the phone became unresponsive: Screen taps or attempts to lock the screen had no effect. While in this state, the phone could not receive calls and had to be rebooted manually.”
“Alecu said that he discovered this denial-of-service issue over a year ago and has since tested and confirmed it on Google Galaxy Nexus, Nexus 4 and Nexus 5 phones running various Android 4.x versions, including the newly released Android 4.4, or KitKat,” the IDG News Service added, noting that approximately 20 different devices from other vendors were also tested and are not believed to be affected by this issue.