Nexus Flaw Makes Smartphones Susceptible to Security Exploit

An SMS error can cause phones to reboot or disconnect from data services when too many messages are received at once.

Print Email

Security researchers have recently revealed that Google’s line of Nexus smartphones are susceptible to a messaging glitch which can force them to shut down or engage in other unwanted behavior. Nexus is series of generally mid-high end mobile phones and tablets which run a pure version of Google’s Android operating system, are known for receiving swift updates, and sell off-contract for comparatively low prices.

The three most recent versions of the mobile line—the Nexus 5, Nexus 4, and Galaxy Nexus—have all been shown to suffer from the same vulnerability. When a specific sort of text notification known as a Flash SMS is sent to one of these devices in high enough quantities, the phone will be either forced to reboot or disconnected from mobile services (and require a manual reboot to restore connectivity). It is also possible for the messaging app itself to crash, though if that happens the Android OS will usually restart the app automatically following the initial service interruption.

Flash SMS messages—also known as Class 0 SMS—are temporary notifications similar to text messages, with the key difference that after acknowledgement or dismal by the user the Flash messages are not automatically saved to any messaging app. They are often used for emergency alerts, or sometimes for brief notifications regarding specific apps installed to a phone.

Once around 30 of these messages are received in the same timespan (i.e. without any being dismissed by the user), the system evidently gets overwhelmed and shuts down or reboots. Because many Flash SMS arrive without vibrating or giving an audio notification users may be completely unaware when they arrive, thus making them more susceptible to receiving large volumes without noticing.

Inconvenient as the exploit can be, it is far from the most serious security concern a smartphone has ever known; forced reboots are irritating, to be sure, but there is little evidence that could suggest the flaw is cause for any privacy concerns. It is also very rare for a smartphone owner to receive such a high volume of Flash SMS simultaneously, which should hopefully keep the number of impacted users at a minimum.

A Google spokesperson has said that the company is investigating the issue. News of the exploit comes at the same time as Google-owned Motorola’s own inexpensive mid-end smartphone, the Moto G, has gone up for presale via Amazon.

[Source: Slash Gear]
Photo via Android Open Source Project