A researcher discovered that Google Nexus phones – including Nexus 5 – are vulnerable to denial-of-service attach through flash SMS messages.
No sooner did Nexus 5 make its debut on the market with its stunning features and the latest Android 4.4 KitKat did its goodwill get affected by the recent reports of being susceptible to DDoS attack via Flash SMS messages.
Google’s Nexus 4 and Nexus 5, are susceptible to SMS attack, in the sense that, an attacker can send a number of Flash SMS messages to the phone, in order to force to reboot the phone and/or lose its network connection.
Flash SMS is a kind of message, which is defined in GSM specifications. These messages get displayed directly on to the screen, rather than automatically getting stored in Inbox. Once received, the user has an option either to save the message or simply dismiss it.
The system administrator of Levi9, a Dutch IT services company, Bogdan Alecu discovered that Nexus phones are vulnerable if and when the attacker sends about 30 Flash SMS messages to the phone. These messages, on arrival, would appear promptly on the smartphone’s screen. In case if these messages aren’t dismissed immediately, the phone becomes defenseless.
In the Nexus phones, whenever such a Flash SMS is received, it gets displayed on the top, above all the other active windows. The screen becomes dim when such a message arrives. However on the arrival of a second Flash message, while the first one hasn’t been saved or dismissed, the second message appears above the first message, and the screen dims further.
Additionally, the biggest problem is that Nexus phones are missing audio notifications for these messages. Hence, such messages would go unnoticed until the user actually looks at his phone.
Alecu observed that usually, the Nexus smartphone would reboot. If in order to unlock the SIM card, a pin is required then the phone won’t connect to the network after rebooting process. The user won’t even notice this unless he looks at his phone. While the phone doesn’t connect to the network, the phone won’t receive any calls, messages and any other types of notification.
Another observation made by Alecu, which occurs rarely is that the phone won’t reboot. Instead, it will only lose network temporarily. However, once the network is restored the phone will receive all the notifications except the users won’t be able to access Internet unless the phone restarts. In some other cases, the messaging app crashes yet the system restarts it automatically.
Meanwhile, Alecu contacted Google to bring this particular flaw to their notice before he decided to reveal this problem in public. In an email, a Google representative said, “We thank him for bringing the possible issue to our attention and we are investigating.”