Google Nexus smartphones, including the latest Google Nexus 5 running Android 4.4 KitKat, are vulnerable to a denial-of-service attack via Flash SMS messages, it was revealed on Friday during the DefCamp security conference in Bucharest, Romania.
Bogdan Alecu, a system administrator working with Levi9, an IT services company, performed a live test during the conference on a Nexus 4 phone running Android 4.3. Alecu showed through the test that after receiving 30-odd Flash messages, the smartphone became unresponsive. In this state the phone neither responded to screen taps nor was able to receive any phone calls, and it had to be rebooted manually to return it to working order.
Flash messages are Class 0 SMS messages that are displayed directly on the phone's screen without being stored on the device. Users have the option of saving the message or dismissing it.
According to Alecu, there were instances during his tests in which the phone behaved differently and temporarily lost mobile network connectivity. The connectivity is restored after a short while, along with the ability to place and receive phone calls, but internet connectivity remains lost until the phone is manually restarted. There are also instances in which the messaging app crashes and the Nexus smartphone reboots.
The issue was discovered over a year ago, Alecu revealed, and has been tested on all Google Galaxy Nexus smartphones running Android 4.x, including the recently released Nexus 5. Alecu revealed that he has contacted Google multiple times, only to receive automated responses. Someone did respond that the issue would be resolved in Android 4.3, but unfortunately it still persists and has been passed on to Android 4.4 KitKat.
There is no official fix for the vulnerability; until one is available, the only workaround is an app named Class0Firewall (https://play.google.com/store/apps/details?id=com.silentservices.class0firewall&hl=en), developed by Michael Mueller, an IT security consultant from Germany, in collaboration with Alecu.
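For defenders who log inbound SMS metadata, the Class 0 marking described above is carried in the message's TP-DCS octet (3GPP TS 23.038), so a burst like the one in the demo can be flagged well before 30 messages arrive. This is an added example, not code from the article or from Class0Firewall; the function names, the threshold of 10 and the 60-second window are assumptions, and the sample events are constructed.

```python
from collections import deque


def message_class(dcs):
    """Return the SMS message class (0-3) encoded in a TP-DCS octet, or None."""
    group = dcs >> 4
    # General data coding (00xx) and automatic-deletion (01xx) groups:
    # bit 4 says whether bits 1..0 carry a message class.
    if group <= 0b0111:
        return dcs & 0b11 if dcs & 0b0001_0000 else None
    # Data coding / message class group (1111): bits 1..0 are always the class.
    if group == 0b1111:
        return dcs & 0b11
    # Reserved and message-waiting groups carry no message class.
    return None


def is_flash(dcs):
    """True when the DCS octet marks the message as Class 0 (Flash SMS)."""
    return message_class(dcs) == 0


def find_bursts(events, threshold=10, window_s=60):
    """events: (unix_time, dcs) tuples sorted by time.

    Returns the timestamps at which `threshold` Class 0 messages had
    arrived within `window_s` seconds. Both limits are assumed values.
    """
    recent = deque()
    alerts = []
    for ts, dcs in events:
        if not is_flash(dcs):
            continue
        recent.append(ts)
        # Drop Class 0 arrivals that have aged out of the window.
        while recent and ts - recent[0] > window_s:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(ts)
            recent.clear()  # start a fresh count after alerting
    return alerts


# Constructed sample: 12 Class 0 messages one second apart, then two normal ones.
SAMPLE_EVENTS = [(1000 + i, 0x10) for i in range(12)] + [(1020, 0x00), (1021, 0x11)]

if __name__ == "__main__":
    print(find_bursts(SAMPLE_EVENTS))
```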