Nexus Flash SMS Vulnerability Fixed in Android 4.4.2

December 11, 2013 - Written By Nick Sutrich

In the world of technology you always hear about new viruses, security vulnerabilities and cyber attacks.  This is a constant war raged on our personal computing devices, and it’s a problem that grows as the user install base of any popular operating system grows.  As any coder knows, if it can be made it can be unmade, and therefore no matter what sort of security is built there will almost always be a way around it.  This is particularly pertinent when a new piece of software comes out, as no amount of bug testing will find all the security holes out there.  Case in point with the Nexus program, and in particular Android 4.4 KitKat on Nexus devices.  At the end of November we detailed for you exactly what this bug fix it, and without going into too much detail essentially if someone sends you 30 or more Class 0 SMS messages, your Nexus phone running Android 4.4.1 or lower could become unstable and possibly even lose data until the next time you reboot.  If you want all the details check out the full writeup on the problem here.

Thankfully Google has addressed this problem rather quickly, and with the release of Android 4.4.2 this week has patched the vulnerability.  Specifically in the official commits to Android you’ll find the following line:

d00f7cd : Android denial of service attack using class 0 SMS messages

That’s about as straightforward as you get, and it’s a very good thing too.  No one wants their day ruined by some jerk trying to do just that, and it’s even worse when you can’t do anything about it.  Kudos to Google for fixing it so quickly and getting that update rolled out.  Now if they could only change the way they roll out updates it would be even better.  As it stands I still haven’t seen the update come through on the Nexus 5, even with clicking the check for updates button.  Thankfully it’s pretty simple to sideload through the official recovery built in to the phone.  We’ve got a pretty quick how-to guide for you here in case you’d like to get that update going sooner rather than later.