A new vulnerability has been discovered affecting most Nexus smartphones that concerns how the device handles Flash SMS. A Flash SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts. On an Android device it is typically received as a system alert and takes priority over any app, popping up on the screen as soon as it is received. The recipient then has the option to dismiss the message or store it after reading it.
Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered that by bombarding a Nexus device with numerous Flash SMS in succession, without any being dismissed, the device will eventually reboot. While this isn’t a serious vulnerability, it is still concerning: anyone can reboot a Nexus device without the owner noticing, since the owner won’t know about the messages unless they look at their phone.
Alecu said that if the smartphone receives around 30 flash messages that are not dismissed, it begins to act erratically. The most common behavior is that the device reboots itself. If a PIN has been set up, the rebooted device will not reconnect to the network, and the owner will not notice unless they look at it. During this period no messages, calls, or any other notifications will be received by the device.
On rare occasions the Nexus will not reboot but will temporarily lose network connectivity. As soon as connectivity is restored the device can make and receive calls again; however, accessing the Internet over the mobile network no longer works. To resolve this problem the device has to be rebooted.
This vulnerability was presented by Alecu on Friday at the DefCamp security conference in Bucharest, Romania. A live test on a Nexus 4 running Android 4.3 with its screen unlocked showed that receiving 30 flash messages without dismissing them did not result in a reboot. The device, however, became unresponsive, and attempts to lock the screen did not work. The device was eventually rebooted to make it operate normally again.
A second attempt to recreate the issue also failed to reboot the device immediately, because only 2 of the 20 flash messages sent had arrived on the device. After all 20 messages arrived, the device rebooted when the screen was unlocked.
Alecu said that he discovered this vulnerability a year ago and has confirmed that it is present in the Google Galaxy Nexus, Nexus 4 and Nexus 5 phones running various Android 4.x versions, including the latest, KitKat. He tried contacting Google about the vulnerability but only got an automated response. A member of the Android Security Team responded last July stating that the problem would be fixed with the release of Android 4.3; however, it apparently still hasn’t been.
The main cause of this problem appears to lie in the way the device manages its memory. When a large number of flash messages arrive, the device appears to become overloaded; the messaging app crashes or the device becomes unresponsive, which leads to the reboot.