Class0Firewall for SMS attack protection lands in Google Play

Dec 03, 2013 by Nancy Owano weblog

(Phys.org) —Last month, news of smartphone vulnerabilities ended with more of a bang than a whimper when Bogdan Alecu, a system administrator at Levi9 and, also, an independent security researcher, presented his findings about Nexus phones at DefCamp. This is a key conference on information security, and it ran from November 29 to November 30 in Bucharest.

In one of his tests, performed on a Nexus 4 with the screen unlocked and running Android 4.3, after receiving around 30 class 0 , the phone did not respond to taps or attempts to lock the screen. While in that state, the phone was unable to take incoming calls; a manual reboot was necessary. Overall, he said that he found Nexus phones –the Galaxy Nexus, Nexus 4, and Nexus 5—to be vulnerable to multiple SMS attempts which may force the phones to reboot or lose connectivity. The mischief is accomplished if the attacker sends around 30 Flash SMS messages to the phone. (He wanted to see what would happen if sending multiple messages to a device at short intervals.)

Flash SMS messages are displayed on the screen and with this type of exploit, the user who ignores the messages without saving or dismissing actions at once may see the phone lose connectivity or reboot.

According to reports, Alecu contacted Google about the issues. Is it only happening with Nexus phones? Alecu said he tried the attack on other devices with no such results. This does not mean the exploit would be impossible to carry out on smartphones from other vendors but so far he was only able to confirm such effects on Nexus phones. According to PCWorld, "We thank him for bringing the possible issue to our attention and we are investigating," said a Google representative via email.

According to Android Police, "Based on limited testing with devices from various vendors, the vulnerability appears to only affect the Nexus line running on all versions of stock Android through to the current release of KitKat."

The latest news is that a firewall app that addresses the vulnerability is available now in the Google Play store. The ClassOFirewall, from SilentServices, has been designed to help protect against such attacks; as a line of defense, the app limits how many Flash SMS can be received. Values can be set for threshold and block duration. If the number of incoming messages exceeds the defined value the message gets dropped by the Firewall. If a message gets dropped, a toast message appears. Class0Firewall is a Proof of Concept app, according to the description on Google Play, "discovered by Bogdan Alecu. He also came up with the idea for the defense." Due to the SMS API change in Android 4.4 KitKat, the notice added, the Firewall has no effect but an attempt is to be made, said the notice, to find a way around.

Explore further: Nexus 5: Google releases first phone powered by 'Kit Kat' (Update)

More information: defcamp.ro/

Related Stories

Google rolls out new Nexus tablet

Jul 24, 2013

Google on Wednesday unveiled a slim, powerful new Nexus tablet computer, fielding a new Android-driven champion to challenge iPad maker Apple.

Researchers ID 'smishing' vulnerability in Android

Nov 05, 2012

(Phys.org)—Mobile security researchers have identified a new vulnerability in popular Android platforms, including Gingerbread, Ice Cream Sandwich and Jelly Bean. The vulnerability has been confirmed by ...

Recommended for you

Body by smartphone

10 hours ago

We love our smartphones. Since they marched out of the corporate world and into the hands of consumers about 10 years ago, we've relied more and more on our iPhone and Android devices to organize our schedules, ...

Breakthrough elastic cloud-to cloud networking

12 hours ago

Scientists from AT&T, IBM and Applied Communication Sciences (ACS) announced a proof-of-concept technology that reduces set up times for cloud-to-cloud connectivity from days to seconds. This advance is a major step forward ...

Security CTO to detail Android Fake ID flaw at Black Hat

Jul 29, 2014

Where have you heard this before: A team of security researchers discover a security flaw in Android devices. This is, however, news. This time, experts are talking about a flaw that involves a widespread ...

Software provides a clear overview in long documents

Jul 25, 2014

In the future, a software will help users better analyze long texts such as the documents for calls for bids, which are often more than one thousand pages long. Experts at Siemens' global research unit Corporate ...

User comments : 0