There’s no doubt that, in line with its continued popularity, Google has done a stellar job of improving its Android mobile operating system, which is now vastly more functional, aesthetically pleasing and thriving than ever. But the issue of vulnerability and security risk – somewhat unavoidable on an OS boasting tens of millions of users and an open-source ecosystem – simply won’t go away. In the latest in a string of issues to have blighted the progress of Google’s mobile endeavors, it now seems that Nexus handsets are susceptible to DoS attacks via flash SMS messaging.
Although Google doesn’t directly manufacture any of the Nexus devices – a chore divided among ASUS, LG and, in the past, Samsung and HTC – one IT company has discovered that attackers could force Google’s brand of smartphone into a reboot by sending it a large number of a specific type of SMS message. Moreover, an attacker could also jeopardize a device’s ability to connect to mobile Internet, and although we’ve heard these kinds of scary stories before, this is perhaps one of the more alarming revelations in the world of Android security.
The problem has been discovered by Bogdan Alecu, who works for Dutch IT services company Levi9. Devices affected include the Galaxy Nexus, Nexus 4, and the all-new Nexus 5 – specifically those running on Android 4.x – and once an attacker takes aim, the special Class 0 SMS, or flash SMS, can really cause some damage.
These kinds of messages show up on the display but trigger no audible notification, and they aren’t stored automatically, leaving the user with the option to view or dismiss them. The trouble is that on Google Nexus devices, the message overlays everything else, dimming the background with a faint overlay, and if the message is ignored, the next message sits atop it, gradually obscuring and dimming the display.
30 or so messages later, a Nexus device begins to act up, with rebooting being a common theme. Since this can all be going on without the user realizing, a reboot can cause the SIM to lock, and until the PIN is entered, the user would be offline – unable to receive calls or other correspondence – without even realizing what was occurring.
For those of you decidedly worried by this, a remedy is at hand in the form of Class0Firewall, a free app that can be found over at the Play Store, so if you don’t want to run the risk of encountering a DoS attack, be sure to pick up the utility right now!
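To make the detection side concrete, here is an added example (not from the article, the researcher, or Class0Firewall) that recognizes Class 0 messages from the SMS data coding scheme octet and flags a burst before it reaches the roughly 30 messages described above. It assumes the filter can see each message's TP-DCS value and arrival time; the function and class names, the threshold and the window are all hypothetical choices.

```python
from collections import deque

def sms_class(dcs):
    """Message class (0-3) from a TP-DCS octet per 3GPP TS 23.038, else None."""
    if dcs >> 6 in (0, 1):        # general coding / auto-deletion groups
        # Bit 4 signals that bits 1..0 hold a message class.
        return dcs & 0x03 if dcs & 0x10 else None
    if dcs >> 4 == 0xF:           # data coding / message class group
        return dcs & 0x03
    return None

class FlashSmsFloodDetector:
    """Flags a burst of Class 0 (flash) messages inside a sliding time window."""

    def __init__(self, threshold=10, window_s=60.0):
        # Assumed values: alert well before the ~30 messages the article cites.
        self.threshold = threshold
        self.window_s = window_s
        self._seen = deque()

    def observe(self, ts, dcs):
        """Record one received message; return True if the burst limit is hit."""
        if sms_class(dcs) != 0:
            return False
        self._seen.append(ts)
        # Drop Class 0 arrivals that have aged out of the window.
        while ts - self._seen[0] > self.window_s:
            self._seen.popleft()
        return len(self._seen) >= self.threshold

def first_alert(events, **kwargs):
    """Return the timestamp of the first alert in (ts, dcs) events, or None."""
    detector = FlashSmsFloodDetector(**kwargs)
    for ts, dcs in events:
        if detector.observe(ts, dcs):
            return ts
    return None

# Constructed sample: one ordinary SMS, then 30 flash SMS one second apart.
BURST = [(0.0, 0x00)] + [(float(t), 0x10) for t in range(1, 31)]
# Constructed sample: the same 30 flash SMS spread two minutes apart.
TRICKLE = [(t * 120.0, 0x10) for t in range(30)]

if __name__ == "__main__":
    print("burst alert at:", first_alert(BURST))
    print("trickle alert at:", first_alert(TRICKLE))
```

A filter built this way can drop or queue further Class 0 messages once the alert fires, instead of letting each one stack another overlay on the screen.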