Google's latest Nexus smartphones are vulnerable to an attack in
which someone could force the phones to reboot or lose their network
connection by sending them a large number of a certain kind of SMS
message, according to PC World.
Bogdan Alecu, a system administrator at Dutch IT services company Levi9,
reportedly found that the vulnerability can occur when an attacker
sends about 30 so-called Flash SMS messages -- messages that appear
immediately on the phone's screen on arrival -- to the Galaxy Nexus, the
Nexus 4, or the Nexus 5. If the messages aren't promptly dismissed, it
opens the phones up for attack. Alecu plans to present his findings
Friday at the DefCamp security conference in Bucharest, Romania.
One of the problems Nexus users face is that they won't be automatically
alerted with an audio tone when a Flash SMS message is received, which
could allow an attacker to send a lot of them quickly before they're
noticed or dismissed, PC World reports.
According to Alecu, the SMS overload can result in several
issues, including the phone rebooting, which is the most likely outcome.
In that case, if a PIN is required to unlock the SIM card, the phone
won't connect to the network after rebooting. Another problem that can
occur is that the messaging app crashes, but the system then
automatically restarts it.
Alecu told PC World that while the issue appears to affect the latest Nexus smartphones running
Android versions Ice Cream Sandwich through KitKat, it hasn't worked on other phones he's tested.
We've reached out to Google for comment on how the company plans to
address the issue and will update this post when we learn more. Alecu
told PC World that he reported the issue to Google, but that it hasn't
yet been addressed.
No comments:
Post a Comment