Security researcher discovers SMS attack vulnerability in all newer Nexus smartphones

Shawn Knight


Security researcher Bogdan Alecu recently discovered that newer Nexus smartphones like the Galaxy Nexus, the Nexus 4 and the just-released Nexus 5 are all susceptible to an SMS attack that can lock the handset up, reboot it or make it lose connection to the carrier network.

The attack reportedly works by sending a Nexus phone around 30 flash SMS messages. Flash messages are described as those that are immediately displayed on the screen and require immediate action. In the event the messages aren’t properly dismissed, the phone can lose its data connection, freeze or even reboot.

Part of the problem is that Nexus phones don’t alert users with an audio tone when a flash SMS is received. This allows an attacker to send the necessary number of messages in succession without the victim being aware of the incoming messages.

Alecu, who reported the flaw to Google, noted the vulnerability is present on the aforementioned Nexus devices running any version of Ice Cream Sandwich through Kit Kat. He reportedly tried the attack on 20 other devices with no luck, and was told a fix was coming in Android 4.3, although it still hasn’t been patched.

Attackers are able to send flash SMS via a number of Android apps. What’s more, we are told that various phone services are now offering it as an option although prior to this report, I’d never heard of flash SMS. What about you?
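
One way to spot the burst described above from a message log, as an added example that is not part of the original post: it reads the message class from the TP-DCS octet (flash SMS is Class 0 in 3GPP TS 23.038) and flags a run of Class 0 messages. The `(timestamp, dcs)` event format, the threshold of 10 and the 60-second window are assumptions chosen for illustration.

```python
from collections import deque

def sms_class(dcs):
    """Return the message class (0-3) carried in a TP-DCS octet, or None."""
    group = dcs >> 4
    if group <= 0b0111:
        # General data coding / automatic-deletion groups:
        # bit 4 says whether bits 1..0 carry a message class.
        return dcs & 0b11 if dcs & 0x10 else None
    if group == 0b1111:
        # Data coding / message class group: bits 1..0 always carry the class.
        return dcs & 0b11
    return None  # message-waiting and reserved groups carry no class

def flash_bursts(events, threshold=10, window=60):
    """Return the timestamps at which `threshold` Class 0 (flash) messages
    were seen within `window` seconds. One alert per burst.

    events: iterable of (epoch_seconds, dcs) for one handset (assumed format).
    """
    recent = deque()   # timestamps of Class 0 messages inside the window
    alerts = []
    alerted = False
    for ts, dcs in sorted(events):
        if sms_class(dcs) != 0:
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            if not alerted:
                alerts.append(ts)
                alerted = True
        else:
            alerted = False
    return alerts

# Constructed sample: 30 flash messages one second apart, mixed with
# ordinary traffic and one isolated flash message much later.
SAMPLE = [(1000 + i, 0x10) for i in range(30)]
SAMPLE += [(900, 0x00), (1005, 0x11), (5000, 0xF0)]

if __name__ == "__main__":
    print(flash_bursts(SAMPLE))
```

The threshold sits well below the roughly 30 messages the report mentions so that an alert fires before the handset is affected.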


 
I love my Droid 4, it's a great phone. But the Android OS's are all junk and about as insecure as a device gets, even with virus protection installed.
 
Just thought I'd test out my brand new Nexus 5 and what's the first article I read?

Doh...
 
I love my Droid 4, it's a great phone. But the Android OS's are all junk and about as insecure as a device gets, even with virus protection installed.

Android junk? I don't see a huge amount of breaches happening anyway. Loopholes can always be found. Don't download *****ic software, remember to turn off Bluetooth when not being used and you don't even need AVS to hog up all the resources.
 
@ amstech: There isn't even a point in debating with you, clearly you have no idea what you're talking about.
 
@ amstech

What OS is more secure? WP and iOS? If so, how do you know they are more secure? You don't, you don't know anything about any OS so why talk?
 
People, you just don't understand! Android is an OPEN system. It doesn't only mean that it's bloated and slow, but also open to all threats. That's what open means, anyway. It's freedom! And democracy. If you are too uneducated - then go to the commie gay fanboy stupid closed proprietary limited regime of Apple. And don't let your uneducated opinions prevent innovation.
 
Android is open 'source'. It means the source code is available to everyone. There are pros and cons to each system. The benefit of open source is that the entire community (that understands the inner workings of the code) can theoretically work to fix the issues faster. The benefit of closed source, such as iOS, is that the owner has greater control over the project and presumably has hired professionals that really know their way around the code.
 
People, you just don't understand! Android is an OPEN system. It doesn't only mean that it's bloated and slow, but also open to all threats. That's what open means, anyway. It's freedom! And democracy. If you are too uneducated - then go to the commie gay fanboy stupid closed proprietary limited regime of Apple. And don't let your uneducated opinions prevent innovation.
ANY OS is open to threats of any type unless of course you ain't online with it.
 
Flash messages refer to (I believe) the 'broadcast' or 'emergency' SMS format. Usually this happens in situations like a tornado, where emergency services alert everyone of current events. The message appears as a pop-up because of importance.

Most telcos in Australia either don't use the format or it's unsupported.
 
@ amstech: There isn't even a point in debating with you, clearly you have no idea what you're talking about.

I'm just a professional IT Specialist with a couple certifications, AOS degree and 15+ years experience in management information systems who has owned a couple droids; what would I know?
 
We can only hope the damn things will lock up while the people using them are driving their cars. Then maybe they'll at least have to shut up and put it down for a while.

God, when I read that back to myself, it seems naively optimistic.
 
captaincranky
I think smartphones are becoming a very dangerous distraction, personally I would support locking everyone up for a week who is using their smartphone while driving!
 