Attackers can make the Google Nexus phones reboot or fail to connect to the mobile internet service by sending some special SMS, it has now been revealed.
The issue, discovered by Bogdan Alecu - a system administrator at Dutch IT services company Levi9, affects all Android 4.x firmware versions on Google Galaxy Nexus, Google Nexus 4 and the latest Google-LG Nexus 5.
Class 0 SMS, or Flash SMS, are said to be a type of messages which get displayed directly on the handset's screen but does not get saved on the device. The users, after reading the message, have the option to either keep it or dismiss it.
When such messages are received, there wont be any audio notification, which means users would be unaware of the messages, till he or she checks the handset.
However, Alecu has observed that Nexus handsets start to act in unusual ways once the number of flash messages reaches 30, provided they are not dismissed.
Possible Cases Observed
One of the unusual ways the handset acts is rebooting by itself. In this case, if a PIN is required to unlock the SIM, the phone will not connect to the network after rebooting and the user might be unaware about it for hours. Since there is no network connection, the handset would not receive any calls, messages or any type of notifications, reports PC World.
In another case observed by Alecu, it has been noted that the handset does not reboot but temporarily loses mobile network connection. This connection is said to automatically restore and the handset can make and receive phone calls but can no longer connect to mobile internet service. The only method to get the mobile network connection back is to restart the handset.
On rare occasions, the messaging app is also said to crash but the system restarts it automatically without having any long-term impact.
Nexus with Android 4.3 Jelly Bean
In a conference held by Alecu, a live test was performed with a Nexus 4 device with Android 4.3 Jelly Bean OS. The handset did not reboot but became unresponsive to screen taps. Attempts to lock the screen also had no effect. The handset also could not receive calls and had to be rebooted manually.
Alecu has mentioned that he discovered this denial-of-service issue over a year ago and has confirmed the issue to prevail in Google Galaxy Nexus, Nexus 4 and Nexus 5, handsets running Android 4.x versions including the latest 4.4 Kitkat.
Alecu also stated that he tried to contact Google but got an automated response most of the time. One person from Android Security team responded in July and said that the issue would be fixed in Android 4.3 Jelly bean but it wasn't.
"We thank him for bringing the possible issue to our attention and we are investigating," stated a Google representative via email.