Most of the attack vectors we deal with when we’re talking about Android security are easy enough to avoid: don’t sideload apps from untrusted sources, or start clicking around links on skeevy backwater websites. But then there are those times where we learn of an attack that’s a lot more difficult to hide from, one that could hit your phone regardless of any action on your own part. Unfortunately, that’s exactly what we’re looking at today, upon the announcement of a new DoS vulnerability affecting certain Nexus-family handsets.
The problem is with how the phones handle a special type of text message, known as a flash SMS. These can be used for things like emergency alerts, and they’re designed to be displayed on-screen as soon as they’re received, without the need for the user to manually access them.
With the Galaxy Nexus, Nexus 4, or Nexus 5, if someone sends your phone a whole bunch of flash SMS messages in a row – like 30 or so – the phone’s software starts getting overwhelmed. Sometimes it will force a spontaneous reset, while other times it may simply freeze up your phone, forcing you to power-cycle on your own.
There’s a chance that other Androids may be affected as well, but the researcher who discovered the attack tested it on 20-some other phones from a number of OEMs, and only observed the issue with those Nexus devices.
Google is aware of the situation, and says that it’s investigating things.