A vulnerability has been found that seems to only affect Google Nexus devices, although it isn't exactly all that serious of a vulnerability. The issue was found by Bogdan Alecu, a system administrator at Dutch IT services company Levi9, and presented at the DefCamp security conference in Bucharest, Romania today. The issue can lead to Nexus phones rebooting via an SMS attack.The issue is caused by Class 0 SMS, or Flash SMS, which is a type of message that is immediately displayed on screen on top of all other apps until the user dismisses or saves it. Alecu showed that on the Galaxy Nexus, Nexus 4, or Nexus 5 running Android 4.x is vulnerable to rebooting or freezing if about 30 of these SMS messages are received and not dismissed quickly enough. Luckily, that's really the worst that can come of the vulnerability and none of your data can be compromised.
And, there are also a number of apps (including one made by Alecu himself) that can help you limit the number of Flash SMS messages that will be accepted by your device, which can help you to avoid the issue. Alecu tested the attack on about 20 non-Nexus devices and none showed the same vulnerability. Alecu found the issue about one year ago and has tried to contact Google a number of times regarding the flaw, and received a response claiming that the issue would be fixed in Android 4.3, but it wasn't. When PCWorld contacted Google for a comment on the story, a Google representative said, "We thank him for bringing the possible issue to our attention and we are investigating."
source: PCWorld
0 comments:
Post a Comment