If you have a Google Nexus 4 or Nexus 5 smartphone, you may want to know about an interesting security story coming out of a conference in Romania today.
A system administrator at a Dutch IT company has found a vulnerability that amounts to a method for launching a denial-of-service attack on those phones, using SMS messages.
Bogdan Alecu he demonstrated the vulnerability at the DefCamp 2013 security conference in Bucharest today. In an email exchange, he said he does independent security research in his spare time, and, according to his site, has given talks on vulnerabilities at other conferences, including one at DefCon in Las Vegas over the summer. He also writes a mobile security blog.
Here’s how the vulnerability works. At attacker sends what’s called a Flash SMS, or a Class 0 SMS, to the phone. It’s a sort of super-text-message that doesn’t get stored in the in-box; rather, its contents get flashed straight to the screen. It exists as part of the global standard for sending text messages on GSM phones, and is useful for flashing emergency information to people, or maybe for delivering a one-time password.
When a message like this is sent to the phone, it’s surrounded by a dark screen, where it waits to be read or dismissed by the user. But here’s where the attack part comes in. Send a large number of these messages to a phone, and the phone starts to act weird and, in some cases, can even reboot itself.
Read the rest of this post --->
0 comentarii:
Post a Comment