Google Nexus vulnerable to SMS-based DOS attack

Pierluigi Paganini December 01, 2013

Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered that Google Nexus phones are vulnerable to SMS-based DOS attack.

The popular family of Smartphones Google Nexus is vulnerable to SMS-based DOS attack that could cause the handset freeze and other anomalous behaviors.

Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered the Google Nexus vulnerability that affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5.

The expert disclosed the vulnerability recently in the DefCamp security conference in Bucharest, Romania.

An attacker exploiting the flaw can force mobile device to restart, loose network connection or freeze by sending a large number of a special type of SMS messages, flash SMS.

A Flash SMS is a type of SMS that appears directly on the handset screen without user interaction and is not automatically stored in the inbox. It is enough to send around 30 Flash SMS messages to Google Nexus phone to cause the phone DOS.

Alecu reported to Google the discovery more than a year ago and was told back in July that the flaw would be addressed in Android 4.3, but nothing is changed.

According to the expert the attack can produce various problems to the targeted Google Nexus Mobile:

It will either say that the Messaging application has stopped
Cause a reboot – this is what happens in most of the cases
Make only the Radio (mobile network communication) app restart, but then the device will no longer be able to use mobile data (it can not connect to the APN)

Alecu discovered the vulnerability casually, while he was testing different message types and for the class 0 messages he noted that the popup being displayed also adds an extra layer which makes the background darker.

“Then my first thought was: what happens if I send more such messages? Will it make the entire background go black? If so, wouldn’t this cause a memory leak? The answer is “Yes” for both of the questions. So, basically, by sending around 30 Class 0 messages, it will make the Google device behave strangely’.” said Alecu to my colleagues at the TheHackerNews.

Waiting for the fix for Google Nexus mobiles, users can install the free Class0Firewall app to protect their handset from the DoS attacks.

Pierluigi Paganini

(Security Affairs – Google Nexus, DoS)

Android DefCamp Denial of Service Dos Attack Flash Sms Google Nexus mobile Sms Hacking The Hacking News vulnerability

Pierluigi Paganini September 04, 2025

Severe Hikvision HikCentral product flaws: What You Need to Know

Pierluigi Paganini September 04, 2025