Google Nexus phones are found to be prone to the attack of denial-of-service through SMS. The issue has been raised publicly and more and more people are becoming aware of the issue linked to the different kinds of Google Nexus devices.
The Discovery of the Nexus’ Vulnerability
Bogdan Alecu, Dutch IT services company Levi9’s system administrator, is the one who discovered the vulnerability of Nexus phones to the attack of denial-of-service through SMS. He presented his discovery at the DefCamp security conference held in Bucharest, Romania last Friday. He raised his concern publicly due to the fact that his concern was not immediately responded by the Google company. He said that he kept on sending email to the company. However, most of the messages he got from the company are mostly automated messages. This is the reason why he decided to present the issue in public.
The Denial-of-Service Attack
The denial-of-service attack faced by Google Nexus phones is coming from Class 0 SMS or Flash SMS. This is a kind of SMS that has been identified in the GSM specification that automatically shows on the screen of the phone and does not directly get saved on the phone. The user will have the option to either save it or dismiss it after reading the message.
In Google Nexus phones, including the Nexus 4, Nexus 5 and Google Galaxy Nexus, the message shows on top of all the current active windows whenever the Class 0 SMS or Flash SMS is received. The message has a transparent black overlay that surrounds it. This creates a dimming effect on the phone’s screen. There won’t be any audio notification once you get this kind of message. This means that a person can only notice that he receives it when he looks at his phone. So, what is the issue about this kind of SMS? Well, it causes your Nexus phone to act in a very unusual way once you receive a massive number of Flash SMS of around 30.
How Do Nexus Phones React?
Different kinds of Nexus phones react in different ways. It will reboot automatically, lose mobile network connection or crash the messaging app alone. There are Live tests that were conducted to see the effect of this Flash SMS on the devices. There were different results gathered. However, the results are somewhat related or similar to one another. There were also about 20 phones from different vendors that were tested. Right after the live test, it appeared that these phones are not vulnerable to this attack of denial-of-connection. Right after Bogan Alecu’s presentation of the issue on Google Nexus phones, a representative of Google sent a mail showing their gratitude toward Bogan Alecu for bringing up the denial-of-connection attack issue to their attention.