NCSU Researchers Discover 'Smishing' Vulnerability, Google To Patch Here Soon

Nexus Phones Vulnerable To Flash SMS Attack

November 29, 2013 - Written By Justin Diaz


If you own one of the last three Nexus Phones, this is definitely something you want to pay some attention to. According to PCWORLD, there is a vulnerability within inside the Galaxy Nexus, Nexus 4, and Nexus 5 that leaves it open to an attack carried out with flash sms. Basically all the hacker would have to do is send multiple flash SMS messages to a particular phone number that is using a nexus phone, and the device upon receiving the correct amount (which is about 30 or so)would then begin to reboot, freeze or even lose data connection. The vulnerability lies within the way those three specific Nexus phones handle the “flash SMS” message type, which is basically a message that appears on screen immediately and then requires action from the user.

This issue was discovered by Bogdan Alecu who is a security researcher, who says that the problem occurs when the messages aren’t properly dismissed. This means that the attacks can be avoided even if you were getting these types of flash messages, so long as you dismiss them right away. However doing so would require you to pretty much be on top of your phone constantly which isn’t realistic. Besides not being able to stare at your phone all day wondering if you have gotten these types of messages, another problem that PCWORLD points out is that Nexus devices apparently don’t automatically alert the user when a flash message comes in. This could potentially leave you open to receiving tons of them before you even notice. Case in point, making you even more vulnerable to the attack. On a good note, Alecu hasn’t found any evidence that this attack allows hackers to execute code, so at least there’s that.

Flash SMS isn’t something that most people use on a daily basis if at all, but plenty of apps out there use them. Alecu himself has created one called Hush SMS, but thankfully he has also helped create an app to help you prevent these types of attacks. The app is called Class0Firewall. The issue reportedly is prone to happening on any Nexus phone that is running OS versions from 4.0 to 4.4, so long as you’re not on those versions you’re seemingly safe. Bogdan Alecu had told PCWORLD that he has reported the issue to Google, who had responded there was a fix coming in 4.3, but here we are at 4.4 and still no fix from Google. In the meantime, download Alecu’s app Class0Firewall and that should help you until the official fix comes out.Google-Play-Banner-Get-it-On-Large1