A vulnerability has been found that seems to only affect Google Nexus
devices, although it isn't exactly all that serious of a vulnerability.
The issue was found by Bogdan Alecu, a system administrator at Dutch IT
services company Levi9, and presented at the DefCamp security conference
in Bucharest, Romania today. The issue can lead to Nexus phones
rebooting via an SMS attack.
The issue is caused
by Class 0 SMS, or Flash SMS, which is a type of message that is
immediately displayed on screen on top of all other apps until the user
dismisses or saves it. Alecu showed that on the Galaxy Nexus, Nexus 4,
or Nexus 5 running Android 4.x is vulnerable to rebooting or freezing if
about 30 of these SMS messages are received and not dismissed quickly
enough. Luckily, that's really the worst that can come of the
vulnerability and none of your data can be compromised.
And,
there are also a number of apps (including one made by Alecu himself)
that can help you limit the number of Flash SMS messages that will be
accepted by your device, which can help you to avoid the issue. Alecu
tested the attack on about 20 non-Nexus devices and none showed the same
vulnerability. Alecu found the issue about one year ago and has tried
to contact Google a number of times regarding the flaw, and received a
response claiming that the issue would be fixed in Android 4.3, but it
wasn't. When PCWorld contacted Google for a comment on the story, a
Google representative said, "We thank him for bringing the possible
issue to our attention and we are investigating."
source: PCWorld
No comments:
Post a Comment