Google Nexus vulnerable to SMS-based DOS attack

Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered that Google Nexus phones are vulnerable to SMS-based DOS attack.

The popular family of Smartphones Google Nexus is vulnerable to SMS-based DOS attack that could cause the handset freeze and other anomalous behaviors.

Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered the Google Nexus vulnerability that affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5.

The expert disclosed the vulnerability recently in the DefCamp security conference in Bucharest, Romania.

An attacker exploiting the flaw can force mobile device to restart, loose network connection or freeze by sending a large number of a special type of SMS messages, flash SMS.

A Flash SMS is a type of SMS that appears directly on the handset screen without user interaction and is not automatically stored in the inbox. It is enough to send around 30 Flash SMS messages to Google Nexus phone to cause the phone DOS.

Alecu reported to Google the discovery more than a year ago and was told back in July that the flaw would be addressed in Android 4.3, but nothing is changed.

According to the expert the attack can produce various problems to the targeted Google Nexus Mobile:

It will either say that the Messaging application has stopped
Cause a reboot – this is what happens in most of the cases
Make only the Radio (mobile network communication) app restart, but then the device will no longer be able to use mobile data (it can not connect to the APN)

Alecu discovered the vulnerability casually, while he was testing different message types and for the class 0 messages he noted that the popup being displayed also adds an extra layer which makes the background darker.

“Then my first thought was: what happens if I send more such messages? Will it make the entire background go black? If so, wouldn’t this cause a memory leak? The answer is “Yes” for both of the questions. So, basically, by sending around 30 Class 0 messages, it will make the Google device behave strangely’.” said Alecu to my colleagues at the TheHackerNews.

Waiting for the fix for Google Nexus mobiles, users can install the free Class0Firewall app to protect their handset from the DoS attacks.

Pierluigi Paganini

(Security Affairs – Google Nexus, DoS)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.