A security researcher by the name of Bogdan Alecu may have found the cause behind some Nexus devices rebooting or losing Wi-Fi connectivity lately: an SMS vulnerability. The issue, where Nexus devices either reboot or lose Wi-Fi connectivity after receiving a special type of SMS, is caused by a denial-of-service attack contained in the message, the same kind that networks occasionally use to send important alerts direct to the user.
Interestingly enough, Alecu also has a proof of concept app available that protects Nexus devicesfrom this kind of attack, but the issue is a worrying one regardless. The problem lies with Flash SMS, also known as Class 0 SMS, that pop up on the device's screen without being stored in the inbox first. There's several apps available to send these pop-up messages, including one made by the researcher at the heart of all this, which is probably how he discovered the bug. Here's a video that demonstrates the problem in action:
When several of these messages are sent to a Nexus device, the system will often reboot, freeze or crash, or sometimes just switch off entirely. Upon rebooting, the Nexus device may lose connectivity to the Wi-Fi network if it is PIN-protected. The Flash SMS may also cause the Wi-Fi connection to be lost without rebooting or crashing the device, meaning the user won't notice anything is astray until they check their phone's connection status. Restarting usually solves these problems, but a double reboot may be required if Wi-Fi doesn't reconnect on the first try.
According to Alecu, all Nexus devices on Android 4.0 Ice Cream Sandwich or newer, including the brand new Nexus 5, are exposed to this kind of SMS attack, even if it is relatively unlikely to affect you. Of course, by notifying you of the problem we're also advertising the vulnerability to any pranksters with too much time on their hands. To protect yourself against this kind of attack, you can go and download Alecu's app and complete the self-fulfilling circle. Google were apparently notified a year ago of the problem, but have now said they are looking into it.
Have you experienced this kind of bug on your Nexus? Do you think it's a harmless prank or a serious security flaw?
No comments:
Post a Comment