At least two recent models of Google’s flagship Nexus Android handsets can be crashed remotely – simply by sending them a flurry of SMS text messages, a Dutch researcher has warned.
Normal text messages, of course, don’t work – the attack depends on special Class 0 messages, made by software for the purpose, according to Bogdan Alecu’s paper.
“Instead of falling into a user’s inbox and waiting for someone to read the message, a Class 0 or “flash message” pops up immediately as a message window that the user is supposed to decide whether or not to save,” the Register said in its report.
The reason these messages can be used to attack Nexus devices is that Google’s handsets do not offer the user a signal when they arrive – meaning an attacker can pile up dozens at once.
PC World reported that the attack was effective, disabling a device rapidly, although a second demonstration failed as several of the SMS attacks did not arrive.
The Verge reports that the attack works best against the three latest Nexus smartphones, running any version of Android from Ice Cream Sandwich to Kitkat. Alecu told PC World that he tested 20 other devices, but the attack did not immediately work against those.
Alecu claims that the vulnerability could be used to crash phones remotely – and leaving them unable to even make calls or access the internet. Alecu describes this as a “Class 0 message Denial-of-Service” attack, and describes how, “When sending over 30 messages to a Google device running Android, messaging application stops, phone reboots, radio application restarts, but Internet no longer works.”
The problem is worse, Alecu says, if SIM PIN protection is enabled, “If If SIM PIN protection is enabled, there is no phone signal, no calls,” he said. His discovery was published at Defcamp 2013.
Alecu claims that Google has known of this vulnerability for some time, but has failed to act on it. “We thank him for bringing the possible issue to our attention and we are investigating,” a Google representative said via email to PC World.