Friday, 29 November 2013

SMS vulnerability all Nexus phones including your newly acquired Nexus 5 lets anybody make it go crazy or stop functioning, check out the fix here

Security researcher Bogdan Alecu has found out very high risk and new SMS vulnerability in the Nexus phones.  This vulnerability can be used by any hacker or attacker to force your Nexus smart phone to overide whatever you are doing and malfunction, restart, freeze or even lose network. 
SMS vulnerability all Nexus phones including your newly acquired Nexus 5 lets anybody make it go crazy or stop functioning, check out the fix here

Bogdan's finding were brought to light in the PCWorld and all Nexus phones right upto the latest Nexus 5 are affected.  The attack operation is simple and easy to execute.  Any potential attacker has to just send 30 flash SMS messages to your Android 4.0 above based Nexus phones.  This messages get displayed immediately on your screen and cause the the phone malfunction.  

The report further adds that the loophole exists because the Nexus phones do not automatically alert users with an audio tone on receiving a flash message.  This allows the potential hacker to send several messages one after another which causes the Nexus to go mad due to radio failure or a full system reboot.  

Alecu added that he found the vulnerability in all the three latest Nexus smart phones running on Android v4.0 to v4.4 but it didnt work on other phone models he tested, concluding that this vulnerability exists only in Nexus devices.  

On his part he has reported the issue to Google but Google is yet to take any action.  Therefore Alecu has build a Android firewall App to stop this exploitation through rapid Flash SMS bombardment. 
https://play.google.com/store/apps/details?id=com.silentservices.class0firewall&hl=en

The App called Class0Firewall is available in Google Play Store here and provides a workaround to you.  You can install the App and set a threshold for the number of flash messages (called Class0 messages) you can receive successively.  This negates the vulnerability completely. To avoid your precious Nexus from being attacked you can also set how long the messages will stay blocked till Google comes up with a patch or fix for this issue.

No comments:

Post a Comment