Severe SMS Vulnerability In Nexus Phones Revealed



Details of a potentially serious SMS vulnerability found in all current Nexus phones were revealed at the DefCamp Security Conference in Bucharest, Romania. The person responsible for the discovery is Bogdan Alecu, a system administrator at Levi9 and independent security researcher in Romania. When exploited, the attack can force the phone to reboot or destabilize certain services.

The method of attack simply relies on sending a series of Class 0 “Flash” messages to the target phone. Flash messages are typically used for emergency or security purposes, appearing on the screen immediately instead of going to the default SMS application. When such a message arrives, no sounds are made but the background is dimmed and a single dialog box appears on top. Once 20-30 messages pile up, assuming the user isn’t clearing them, the system is overloaded, which leads to a few potential side effects. Most commonly, the result is an unresponsive device or an immediate reboot, but the Messages app or cellular radio may occasionally crash or freeze up in some instances.



In the event that the cellular radio crashes, it may have some more serious consequences. If a target has their SIM locked with a PIN code, the phone will not be able to reconnect until the code is entered. From time to time, it’s also possible for the cellular radio to seize up, which can only be fixed by restarting the device. This is problematic because there are no audible prompts and the malfunction won’t be seen until the owner unlocks their screen, leaving them without service for potentially several hours.

Alecu first notified the Android Security Team of the issue over a year ago, but initially received only automated responses. Continued efforts were mostly unsuccessful, leading to the decision to disclose the vulnerability publicly. To mitigate potential threats, he collaborated with Michael Mueller, a Technical IT-Sec Auditor, to develop Class0Firewall, an app designed to protect the smartphone from Class 0 messages if they reach the threshold of becoming a denial-of-service attack.
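The threshold idea described above can be sketched as follows; this is an added example, not Class0Firewall's code. It reads the message class from the SMS data coding scheme octet (TP-DCS, 3GPP TS 23.038) and suppresses Class 0 messages once too many arrive within a time window. The names `sms_message_class` and `Class0Limiter`, the threshold of 10 and the 60-second window are assumptions chosen for illustration.

```python
from collections import deque

def sms_message_class(dcs):
    """Return the message class (0-3) carried in a TP-DCS octet, or None."""
    if dcs & 0x80 == 0:
        # General data coding groups (00xx / 01xx): bit 4 set means
        # bits 1-0 hold the message class.
        return dcs & 0x03 if dcs & 0x10 else None
    if dcs & 0xF0 == 0xF0:
        # Data coding / message class group: bits 1-0 are always the class.
        return dcs & 0x03
    return None  # other groups (e.g. message waiting indication)

class Class0Limiter:
    """Sliding-window limiter: allow at most `threshold` Class 0 messages
    per `window_s` seconds (both values are assumptions)."""

    def __init__(self, threshold=10, window_s=60.0):
        self.threshold = threshold
        self.window_s = window_s
        self._arrivals = deque()  # timestamps of recent Class 0 messages

    def allow(self, dcs, now):
        """Return True to display the message, False to suppress it."""
        if sms_message_class(dcs) != 0:
            return True  # ordinary SMS is never rate limited here
        while self._arrivals and now - self._arrivals[0] >= self.window_s:
            self._arrivals.popleft()
        # Suppressed messages still count, so an ongoing flood stays blocked.
        self._arrivals.append(now)
        return len(self._arrivals) <= self.threshold

def simulate_flood():
    """Constructed input: 30 Class 0 messages (DCS 0x10), one per second."""
    limiter = Class0Limiter()
    decisions = [limiter.allow(0x10, float(t)) for t in range(30)]
    normal_ok = limiter.allow(0x00, 30.0)    # classless SMS during the flood
    later_ok = limiter.allow(0x10, 200.0)    # Class 0 after the window expires
    return decisions.count(True), decisions.count(False), normal_ok, later_ok

if __name__ == "__main__":
    print(simulate_flood())
```
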

Bogdan notes that the current attack is only capable of destabilizing a phone, but theorizes that it might be possible to force remote code execution. Based on limited testing with devices from various vendors, the vulnerability appears to only affect the Nexus line running on all versions of stock Android through to the current release of KitKat. None of the OEM variants checked were susceptible to the attack.

Hopefully the publicity will prompt Google to release a patch to block the issue as quickly as possible. Even if a fix is rolled out, it’s not entirely clear if the Galaxy Nexus will receive it now that it is no longer getting OS updates. A security update should be issued to all Galaxy Nexus devices, though, in order to patch an issue of this severity.

Thank you Android Police for providing us with this information
Video courtesy of mdforum.ru

Gabriel Roşu
