News

Nexus flaw sees Android phones crash after SMS overload

nexus_5
By Chris Davies/

Google's Nexus smartphones are susceptible to a messaging glitch that can force them to reboot or disconnect, security researchers have discovered, with handsets running recent versions of Android falling victim to special SMS messages. When around 30 so-called Flash SMS messages – which are displayed on-screen but not stored – are sent to a Nexus 5, Nexus 4, or Galaxy Nexus running Android 4.x versions, Bogdan Alecu found, the phones can either unexpectedly reboot or drop its data connection.

Flash SMS messages – also known as Class 0 SMS – are sometimes used by networks to send out alerts or notifications. Although they show up on-screen as usual, there is no notification sound, and remain in place until the user dismisses them (or, optionally, chooses to save them).

What Alecu discovered was that the Nexus family can get overloaded when a large number of such text messages are received, each loading on top of the other until the phones crash. Since there's no audio alert, users might not find that their phones have been swamped until they actively look at them.

According to the researcher, several possible outcomes can result from the overloading. Most common is that the Nexus will reboot – Alecu points out that, if the SIM card inside is PIN-locked, it means the device could be left disconnected and waiting on user-input until the owner next looks at their handset, though it's questionable as to how many people secure a SIM rather than just the phone itself – but the problem can also cause the mobile network to be dropped, requiring a reboot in order to reconnect to data services, though calls are still functional.

Another possibility is that the Android messaging app itself crashes, though that usually gets rebooted automatically by the OS.

Though not the most serious of security flaws observed around smartphones, the potential to temporarily swamp a person's handset – and, if they're not paying attention, leave it disconnected from data services, depending on how they are set up – could still prove damaging. Alecu says he contacted Google and was told back in July that the issue would be addressed in Android 4.3, though that proved not to be the case.

"We thank him for bringing the possible issue to our attention" a Google spokesperson said this week, "and we are investigating."

VIA PCWorld

Recommended