
Nexus: SMS exploit discovered

Deeco7
#1  

Quote:
Attackers could force phones from Google's Nexus line to reboot or fail to connect to the mobile Internet service by sending a large number of special SMS messages to them.

The issue was discovered by Bogdan Alecu, a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5. Alecu is presenting the vulnerability Friday at the DefCamp security conference in Bucharest, Romania.

Class 0 SMS, or Flash SMS, is a type of message defined in the GSM specification that gets displayed directly on the phone's screen and doesn't automatically get stored on the device. After reading such a message, users have the option to save it or dismiss it.

On Google Nexus phones, when such a message is received, it gets displayed on top of all active windows and is surrounded by a semi-transparent black overlay that has a dimming effect on the rest of the screen. If that first message is not saved or dismissed, and a second message is then received, the latter is placed on top of the first one and the dimming effect increases.

When such messages are received, there is no audio notification, even if one is configured for regular incoming SMS messages. This means that users receiving Flash messages won't know about them until they look at the phone.

Alecu found that when a large number of Flash messages—around 30—are received and are not dismissed, the Nexus devices act in unusual ways.

The most common behavior is that the phone reboots, he said. In this case, if a PIN is required to unlock the SIM card, the phone will not connect to the network after the reboot and the user might not notice the problem for hours, until they look at the phone. During this time the phone won't be able to receive calls, messages or other types of notifications that require a mobile network connection.

According to Alecu, a different behavior that happens on rare occasions is that the phone doesn't reboot, but temporarily loses connection to the mobile network. The connection is automatically restored and the phone can receive and make calls, but can no longer access the Internet over the mobile network. The only method to restore the data connection is to restart the phone, Alecu said.

On other rare occasions, only the messaging app crashes, but the system automatically restarts it, so there is no long term impact.

A live test at the conference performed on a Nexus 4 phone with the screen unlocked and running Android 4.3 did not immediately result in a reboot. However, after receiving around 30 class 0 messages the phone became unresponsive: Screen taps or attempts to lock the screen had no effect. While in this state, the phone could not receive calls and had to be rebooted manually.

A second attempt with the screen locked also failed to reboot the phone because only two of over 20 messages were immediately received. This may have been caused by a network issue or operator-imposed rate limiting. The messages did arrive later and the phone rebooted when unlocking the screen.

Alecu said that he discovered this denial-of-service issue over a year ago and has since tested and confirmed it on Google Galaxy Nexus, Nexus 4 and Nexus 5 phones running various Android 4.x versions, including the newly released Android 4.4, or KitKat.

Around 20 different devices from various vendors have also been tested and are not vulnerable to this problem, he said.

This doesn't exclude the possibility that some devices from other vendors are vulnerable, but so far it has only been confirmed on the previously mentioned Google Nexus phones.

Alecu claims he contacted Google several times since he found the flaw, but mostly got automated responses. Someone from the Android Security Team responded in July and said the issue would be fixed in Android 4.3, but it wasn't, Alecu said, adding that this contributed to his decision to disclose the problem publicly.

"We thank him for bringing the possible issue to our attention and we are investigating," a Google representative said via email.

via PCWorld
What is your intake on this?
∝ Nexus 5
∝ Nexus 4
∝ Nexus 7 (v2)
∝ Nexus 7 (v1)

---Legacy---
Samsung Galaxy S II
HTC Desire
 
miHah
#2  
Quote:
Originally Posted by Deeco7 View Post
What is your intake on this?
TLDR

Joke. Well, since I can't achieve the effect (reboot and unusual behaviour), I am saying this doesn't affect my life & the way my Nexus works.. so..
My Precious: HTC One @ Zoe, BoomSound, BlinkFeed <3
My toy: Google Nexus 5 @ Snapdragon 800 POWER


Third Phone: HTC One X @ Jelly Bean & HTC Sense 5.5 and 2100mAh Battery

Another Phone: HTC Desire HD @ Jelly Bean
Another Phone: HTC HD2 @ WP 8 / Jelly Bean
Another Phone: Google Nexus S @ KitKat


Cookies Here!_____________________________________________
 
UnusualSuspect
#3  
Quote:
Originally Posted by Deeco7 View Post
What is your intake on this?
My ... ummm, intake ... on this is that I never cease to be amazed at the lengths that a corporate security weenie will go to in order to justify his salary.

I recently retired from a large IT services firm in the US, and this is exactly the kind of far-fetched crap our corporate security people cited to justify taking away my Android connectivity to our Exchange servers. Grrrr...

JM2¢
Nexus 5 - stock 4.4.2 KOT49H OTA
Nexus 7 2012 - stock 4.4.2 KOT49H OTA
-------------
Bring back zombie art!
 
zivan56
#4  
Last I checked, only the provider can send class 0 messages.
 
GldRush98
#5  
This. No one can send them, and almost no carriers... at least in the U.S. use them. I have never seen a single one. The chances of getting 30 at one time are zero. It's a non-issue IMO.

If you want a crash bug, look to the iOS bug that caused any iOS phone or app to crash when a certain string of characters is displayed by it.
---Phone---
Nexus 5 32gb
Android 4.4.2 KOT49H, Baseband 1.0.25.0.23, Unlocked, rooted, TWRP Recovery 2.6.3.4
---Tablets---
Samsung Note 10.1 2014 Edition 32gb
Android 4.3, stock & rooted
Nexus 7 16gb
Android 4.4.2 KOT49H, Unlocked, rooted, TWRP Recovery 2.6.3.1
---Past---
Galaxy Nexus (AT&T)
Android 4.3 JWR66Y, Baseband I9250XXLJ1, Unlocked, rooted, Clockwork Touch 6.0.4.3
Google Nexus One | AT&T Fuze (Touch Pro) | AT&T 8525 (Hermes) | AT&T 8125 (Wizard)
 
_DrG_
#6  
Unfortunately there is software out there that allows a user to send anonymous class 0 SMS messages, so I guess this bug needs looking at by the Google techies.

Sent from my Nexus 5 using Tapatalk
 
nohcho
#7  
I don't have a take on this

 
cbutt
#8  
I award you no points & may God have mercy on your soul.

Lol but seriously, is this REALLY an issue?

 
Deeco7
#9  
Quote:
Originally Posted by cbutt View Post
I award you no points & may God have mercy on your soul.

Lol but seriously, is this REALLY an issue?

Sent from my Nexus 5 using Tapatalk
I'm not really concerned about this, just thought I'd create a discussion about it. Don't worry about my soul, my friend.

 
koe1974
#10  
If anyone is that worried, ... https://play.google.com/store/apps/d...class0firewall
I'm reckless with my devices. I'm just warning you!
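
Added example (not part of the thread, and not the code of the app linked above): a receive-side check that recognises a Class 0 message from the TP-DCS octet of an SMS, following the data coding scheme groups in 3GPP TS 23.038, and flags a burst of them like the one the quoted article describes. The function names, the threshold of 10 messages, the 300-second window and the sample events are assumptions made for illustration.

```python
from collections import deque
from typing import Iterable, Optional, Tuple


def message_class(dcs: int) -> Optional[int]:
    """Return the message class (0-3) carried by a TP-DCS octet, or None."""
    group = (dcs >> 4) & 0x0F
    if group <= 0x7:
        # General data coding and automatic-deletion groups (00xx / 01xx):
        # bits 1-0 are a message class only when bit 4 is set.
        return dcs & 0x03 if dcs & 0x10 else None
    if group == 0xF:
        # "Data coding / message class" group: bits 1-0 are always the class.
        return dcs & 0x03
    # Message-waiting (1100-1110) and reserved (1000-1011) groups: no class.
    return None


def first_class0_burst(events: Iterable[Tuple[int, int]],
                       threshold: int = 10,
                       window_s: int = 300) -> Optional[int]:
    """events: (unix_seconds, dcs) pairs in arrival order.

    Returns the timestamp at which `threshold` Class 0 messages have arrived
    within `window_s` seconds, or None if that never happens. Both limits are
    assumed values, chosen well below the roughly 30 messages in the article.
    """
    recent = deque()
    for ts, dcs in events:
        if message_class(dcs) != 0:
            continue
        recent.append(ts)
        # Drop arrivals that have fallen out of the sliding window.
        while ts - recent[0] > window_s:
            recent.popleft()
        if len(recent) >= threshold:
            return ts
    return None


# Constructed sample: two ordinary messages, then 30 Class 0 messages two
# seconds apart (0x10 = GSM 7-bit class 0, 0x18 = UCS2 class 0).
SAMPLE = [(0, 0x00), (5, 0x11)] + [
    (10 + 2 * i, 0x10 if i % 2 else 0x18) for i in range(30)
]

if __name__ == "__main__":
    print("burst flagged at t =", first_class0_burst(SAMPLE))
```
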

Tags
exploit, nexus, sms