Several models of Google’s (NASDAQ:GOOG) Android-based Nexus smartphones have been discovered to have a vulnerability to denial-of-service attacks via SMS messages, reports Lucian Constantin at PCWorld. The vulnerability allows attackers to force certain models of Google’s Nexus smartphone to reboot or lose its mobile network connection.
The attack is made possible through a type of Flash SMS message that is immediately displayed on a smartphone’s screen and is not stored in the device’s memory. When a Flash SMS message is received, users have the option to either save or dismiss the message. However, if around 30 of these types of messages are received before the user can save or dismiss them, the Nexus phone will automatically reboot.
Additionally, if the device requires that a PIN be entered after rebooting, it will remain disconnected from the mobile network until a user notices their device has rebooted. The issue affects Google’s Galaxy Nexus, Nexus 4, and Nexus 5 models that run the Android 4.x firmware versions. The Galaxy Nexus is manufactured by Samsung (SSNLF.PK), while the Nexus 4 and Nexus 5 are made by LG.
According to PCWorld, the vulnerability was discovered by Bogdan Alecu, a systems administrator who works for IT services company Levi9. The security researcher presented his findings at the recent DefCamp hacking and information security conference in Bucharest, Romania.
Alecu noted that sometimes the affected Nexus phones wouldn’t reboot, but would instead temporarily lose their connection to the mobile network. Although the phones would soon automatically reconnect to the network, the devices would still fail to regain their connection to the Internet. He also noted that the only way to regain the lost Internet connection was to reboot the phone. On other occasions, instead of rebooting, the device’s messaging app would crash.
Alecu decided to publicly reveal the vulnerability after Google failed to address the issue in Android 4.3. According to PCWorld, Google stated via an email that, “We thank him for bringing the possible issue to our attention and we are investigating.”
This vulnerability will likely make it harder for Google to lure Apple’s (NASDAQ:AAPL) iPhone users to the Android platform. Google recently stepped up its efforts to court iPhone users when executive chairman Eric Schmidt penned a guide that instructed iPhone users how to move their iOS-based data to Google’s Android platform.
Here’s how Google closed out Friday’s shortened trading session.
Follow Nathanael on Twitter (@ArnoldEtan_WSCS)