Friday, 6 December 2013

Nexus smartphones vulnerable to SMS bug


Nexus users beware, if you receive barrage of text messages on your phone -- someone might be trying to break in or cause other harm to your device. Bogdan Alecu, a system administrator at Dutch IT services firm Levi9, has discovered a new vulnerability that can cause Nexus smartphones running Android Ice Cream Sandwich through KitKat to reboot on their own or lose network connection.

The vulnerability can be exploited by attackers by sending Flash or Class 0 SMSs. A Flash or Class 0 SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts. In Android devices, it is usually received as a system alert and flashes on the screen as soon as it is received. These messages are usually useful for flashing emergency information or one-time password to users.

Alecu describes that during the attack, these messages are stacked on top of each other, eventually locking up the phone and causing a crash or disabling the network connection.

The vulnerability was demonstrated live by Alecu at the DefCamp security conference in Bucharest, Romania. During the presentation, Alecu used a Nexus 4 running on Android 4.3. The device's screen unlocked after 30 flash messages were received and not dismissed. The device became unresponsive and several attempts to lock the screen failed. Alecu had to eventually reboot the device to make it work again.

Alecu reportedly discovered this vulnerability a year ago and claimed that he tested the exploit on some "20 different devices from various vendors," but that the issue appears to affect only the Nexus line of phones.

Alecu has been doing research on mobile security for many years and is a frequent speaker at security conferences like DEF CON, DeepSec, EUSecWest and DefCamp.

0 comments:

Post a Comment

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Justin Bieber, Gold Price in India