Friday, November 29, 2013

Nexus devices are vulnerable to DoS attack via SMS - The Cult


Do you know what a Flash SMS is? Basically, it differs from a normal message in that the user does not need to open it to view it. The more accurate term is Class 0 SMS, and it was originally a format used only by operators (apps exist today that can send such messages) to send notifications to any GSM device. The SMS opens by itself as a pop-up and is not automatically stored in memory unless the recipient so chooses.

The service has been practical until now, but Bogdan Alecu, a systems administrator at the Dutch IT services company Levi9, found that the format can be used for a denial of service, affecting every smartphone in the Nexus line since Android 4.0: Galaxy Nexus, Nexus 4 and Nexus 5.

What happens is that, unlike on other devices, when a Nexus receives a Flash SMS the message is displayed above any other active screen, in a semi-transparent black window that blends with the background. If the message is not closed and another of the same type is received, the overlay effect accumulates. Because the smartphone does not beep when it receives a message of this type (even when configured to notify on arrival of an ordinary SMS), the user does not realize what has happened until they go looking for the phone.

And therein lies the problem: according to Alecu, on receiving a number of messages in sequence (the limit found was thirty, which constitutes a denial of service), the Nexus starts to behave strangely. The most common effect is a reboot, and if the unit requires a PIN to unlock the SIM card, the user can spend hours with a brick in their pocket before realizing it is offline. Other effects occur but are rare: the phone can lose its connection momentarily and then only partially restore it, with internet access blocked unless the device is reset. Another possibility is that only the messaging app crashes, in which case the smartphone recovers by itself. But as I said, this effect is rarer. Alecu demonstrated the problem at a conference with a Nexus 4: after thirty messages were received, the device simply froze and had to be manually reset.
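A defensive sketch, added here and not taken from the article or from Alecu's research: it reads the message class from an SMS data coding scheme (TP-DCS) octet, following the 3GPP TS 23.038 layout, and flags a burst of Class 0 messages well before the thirty-message limit mentioned above. The function names, the alert threshold, the time window and the sample events are assumptions constructed for illustration.

```python
from collections import deque


def sms_message_class(dcs):
    """Return the message class (0-3) carried in a TP-DCS octet, or None.

    Layout per 3GPP TS 23.038: in the general coding groups (00xx, 01xx)
    bit 4 says whether bits 1-0 hold a class; group 1111 always holds one.
    """
    group = dcs >> 4
    if group <= 0x7:
        return dcs & 0x03 if dcs & 0x10 else None
    if group == 0xF:
        return dcs & 0x03
    return None  # reserved and message-waiting groups carry no class


def flash_burst_alerts(events, threshold=10, window_s=300):
    """Return the timestamps at which Class 0 arrivals reach the threshold.

    events: (unix_time, dcs) pairs in arrival order, e.g. from a log of
    received messages (hypothetical source). threshold and window_s are
    assumed values, chosen to stay below the thirty-message limit.
    """
    recent = deque()
    alerts = []
    for ts, dcs in events:
        if sms_message_class(dcs) != 0:
            continue  # ordinary SMS and other classes are not counted
        recent.append(ts)
        while ts - recent[0] > window_s:
            recent.popleft()  # forget Class 0 arrivals outside the window
        if len(recent) == threshold:
            alerts.append(ts)  # fire once per burst, when the count is reached
    return alerts


# Constructed sample: twelve Class 0 messages five seconds apart, mixed with
# one ordinary message (0x00) and one Class 1 message (0x11).
SAMPLE_EVENTS = sorted(
    [(1000 + 5 * i, 0x10) for i in range(12)] + [(1002, 0x00), (1007, 0x11)]
)

if __name__ == "__main__":
    print(flash_burst_alerts(SAMPLE_EVENTS))
```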

The researcher says he discovered the flaw about a year ago and has since been testing various devices to discover which are the most susceptible. Only Nexus models from Android 4.0 ICS onward seem to be affected: he tested 20 other models and the problem did not recur, although he did not rule out the possibility. He has contacted Google several times but received only automated responses. In July a contact from the Android security team informed him that “the problem would be solved in version 4.3 Jelly Bean”, but clearly it was not, since even the Nexus 5 with Android 4.4 KitKat is not protected.

Alecu will demonstrate the flaw today at DefCamp, a security conference in Bucharest, Romania, to try once more to draw Google's attention.

Source: PCWorld
