Security researcher Bogdan Alecu discovered a vulnerability that exposes Nexus devices to denial-of-service attacks based on a special type of SMS.
As first reported by PC World, the attack is based on Flash SMS, also known as Class 0 SMS, which is a type of short message that appears directly on the display of the recipient device without being stored in the inbox. Flash-SMS is a part of the GSM specification that carriers sometimes use to issue alerts or for other types of special communication.
Alecu found that flooding a Nexus device with Flash SMS messages can cause abnormal behavior, including rebooting, freezing, and crashing. Around 30 messages sent in quick succession will usually cause the device to reboot. If the SIM card is protected by a PIN, the device will not connect to the network after the reboot as normal. Another reboot should solve the problem. Because Flash SMS don’t trigger a sound notification, even if one is set for normal SMS messages, users under attack may not realize that their device has lost connectivity until they look at the phone. In other cases, the phone doesn’t reboot, but loses data connectivity. Again, a restart restores the normal functionality of the device.
According to Alecu, the vulnerability affects all recent Nexus smartphones, including the Nexus 5, running Android ICS and above. The researcher claims he alerted Google about the vulnerability a year ago, and while the company promised to patch it in Android 4.3, the issue is still present in KitKat. This may be a problem specific to Google’s phones, as Alecu claims he tested 20 non-Nexus devices that are not vulnerable to this type of attack.
There are several apps in the Play Store that can send Flash SMS messages, including one made by Bogdan Alecu. The researcher also released a proof of concept app that protects Nexus devices from the vulnerability he described.
How serious is this problem? The issue doesn’t give attackers access to the phone in any way, so the biggest potential problem is temporarily losing voice and data connectivity. If someone targets you, it can cause frustration and confusion, but it’s likely that the vulnerability will be used for pranks more than anything else. Still, it’s a DOS type attack that Google shouldn’t ignore. The company told PC World that it’s investigating the issue.