Sunday, 1 December 2013

Google Nexus vulnerable to SMS-based DOS attack

Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered that Google Nexus phones are vulnerable to SMS-based DOS attack.

The popular family of Smartphones Google Nexus is vulnerable to SMS-based DOS attack that could cause the handset freeze and other anomalous behaviors.
Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered the Google Nexus vulnerability that affects all  Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5.
The expert disclosed the vulnerability recently in the DefCamp security conference in Bucharest, Romania.
An attacker exploiting the flaw can force mobile device to restart, loose network connection or freeze by sending a large number of a special type of SMS messages, flash SMS.
A Flash SMS is a type of SMS that appears directly on the handset screen without user interaction and is not automatically stored in the inbox. It is enough to send around 30 Flash SMS messages to Google Nexus phone to cause the phone DOS.
Alecu reported to Google the discovery more than a year ago and was told back in July that the flaw would be addressed in Android 4.3, but nothing is changed.
According to the expert the attack can produce various problems to the targeted Google Nexus Mobile:
  • It will either say that the Messaging application has stopped
  • Cause a reboot – this is what happens in most of the cases
  • Make only the Radio (mobile network communication) app restart, but then the device will no longer be able to use mobile data (it can not connect to the APN)
Alecu discovered the vulnerability casually, while he was testing different message types and for the class 0 messages he noted that the popup being displayed also adds an extra layer which makes the background darker.

“Then my first thought was: what happens if I send more such messages? Will it make the entire background go black? If so, wouldn’t this cause a memory leak? The answer is “Yes” for both of the questions. So, basically, by sending around 30 Class 0 messages, it will make the Google device behave strangely’.” said Alecu to my colleagues at the TheHackerNews.
Google Nexus Dos Flaw


Google Nexus Dos Flaw2
Waiting for the fix for Google Nexus mobiles, users can install the free Class0Firewall app to protect their handset from the DoS attacks.

No comments:

Post a Comment