The vulnerability, discovered by Bogdan Alecu, a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5.
The problem is with how the phones handle a special type of text message, known as a flash SMS. By sending around 30 Flash SMS (Flash SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts) messages to Nexus phone an attacker can cause the phone to malfunction.
He presented the vulnerability on Friday at the DefCamp security conference in Bucharest, Romania. In an email exchange with me, he said 'I was testing different message types and for the class 0 messages I noticed that the popup being displayed also adds an extra layer which makes the background darker."
"Then my first thought was: what happens if I send more such messages? Will it make the entire background go black? If so, wouldn't this cause a memory leak? The answer is "Yes" for both of the questions. So, basically, by sending around 30 Class 0 messages, it will make the Google device behave strangely'."
According to the researcher, several possible outcomes can result from the overloading:
- It will either say that the Messaging application has stopped
- Cause a reboot - this is what happens in most of the cases
- Make only the Radio (mobile network communication) app restart, but then the device will no longer be able to use mobile data (it can not connect to the APN)
Android devices, by default, offer no easy way for users to send Flash messages, though there are several apps available to do so.
Alecu says that he discovered the issue more than a year ago and he contacted Google and was told back in July that the issue would be addressed in Android 4.3, though that proved not to be the case.
But now Google is aware of the situation, and says that it's investigating things. Until the fix from Google lands, users can use the free Class0Firewall app to prevent such situations.
