SMS security flaw affects Nexus devices, Android 4.3 and 4.4

November 29, 2013

A vulnerability has been discovered in Nexus phones that could render them useless. A particular type of SMS message forces the phone to reboot and, in some instances, reconnect to the mobile data service. Users may not know their device hasn’t reconnected, which essentially makes it useless for a period of time.


When bulk Flash SMS messages, sometimes referred to as Type 0 SMS, are sent to the device, it forces itself to shut down. After restarting, the device may need the SIM card to be unlocked before it can reconnect to mobile data. If a PIN is required to unlock the SIM card and the user is unaware of this, the device is left dormant until the SIM is unlocked. During the downtime, the phone can’t make or receive calls or messages, or access any data service via a mobile connection.

The developer who discovered the issue, Bogdan Alecu, also notes that on rare occasions a reboot doesn’t occur. In those instances, the phone reconnects itself, allowing for messaging via SMS and phone calls, but the mobile data connection is severed until a manual reboot occurs. When messages are received, the screen displays each message in a pop-up, with a slight darkening around the message. When 30 or more are received, these issues occur.


It’s worth noting that you may not even be aware of the messages. They often slip through without making themselves known, even if you have a notification sound set for your messages. Google has already been made aware of this problem, and told Alecu as early as July that the 4.3 update would fix the issue. It didn’t, and the issue is present in Android 4.4 as well as legacy iterations. When asked for a response, Google said “We thank him for bringing the possible issue to our attention and we are investigating.”

This has been tested on the Galaxy Nexus, Nexus 4, and Nexus 5. It was also tested on a variety of devices from other vendors, none of which exhibited the issue. If you want to safeguard yourself, an app by the name of Class0Firewall is available in the Play Store. It lets you limit the number of Flash SMS messages you receive, and can even ignore them after a threshold set by the user.
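As an added illustration (not from the article and not Class0Firewall's own code), this Python example shows the kind of thresholding described above: it reads the message class from the TP-DCS octet defined in 3GPP TS 23.038 and suppresses class 0 (Flash) messages once a limit is passed. The `Class0Limiter` name, the 5-message threshold, the 60-second window and the sample traffic are assumptions constructed for the example.

```python
from collections import deque

def message_class(dcs):
    """Return the message class (0-3) carried in a TP-DCS octet, or None."""
    group = dcs >> 4
    if group <= 0b0111:
        # General data coding groups: bit 4 says whether bits 1..0 hold a class.
        return dcs & 0b11 if dcs & 0x10 else None
    if group == 0b1111:
        # Data coding / message class group: bits 1..0 always hold the class.
        return dcs & 0b11
    return None  # message-waiting indication groups carry no class

class Class0Limiter:
    """Hypothetical filter: pass at most `threshold` Flash SMS per window."""

    def __init__(self, threshold, window_s):
        self.threshold = threshold
        self.window_s = window_s
        self.seen = deque()  # arrival times of recent class 0 messages

    def allow(self, ts, dcs):
        if message_class(dcs) != 0:
            return True  # ordinary messages are never rate-limited
        while self.seen and ts - self.seen[0] >= self.window_s:
            self.seen.popleft()
        # Dropped messages are counted too, so a sustained flood stays blocked.
        self.seen.append(ts)
        return len(self.seen) <= self.threshold

def run_sample():
    """Replay constructed traffic: a 40-message Flash burst plus normal SMS."""
    events = [(t, 0x10) for t in range(40)]   # class 0, one per second
    events += [(10, 0x00), (20, 0x00)]        # ordinary SMS, no class set
    events += [(200, 0x10)]                   # one Flash SMS after the burst
    limiter = Class0Limiter(threshold=5, window_s=60)
    shown = dropped = normal = 0
    for ts, dcs in sorted(events):
        ok = limiter.allow(ts, dcs)
        if message_class(dcs) != 0:
            normal += ok
        elif ok:
            shown += 1
        else:
            dropped += 1
    return shown, dropped, normal

if __name__ == "__main__":
    print(run_sample())
```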


  • http://attackoftheandroids.com/ Mat Lee

    I wonder if using text secure prevents this at all…

  • http://www.littletreecafe.com/ LittleTreeCafe.com

    “By sending a particular type of SMS message”??

  • Swati770

    Happened to me… my Nexus 5 just went blank. Restarted the phone but still no phone service. After hours without phone service I tried for a third time to restart it and all went back to normal.