Class0Firewall for SMS attack protection lands in Google Play

Dec 03, 2013 by Nancy Owano weblog

(Phys.org) —Last month, news of smartphone vulnerabilities ended with more of a bang than a whimper when Bogdan Alecu, a system administrator at Levi9 and, also, an independent security researcher, presented his findings about Nexus phones at DefCamp. This is a key conference on information security, and it ran from November 29 to November 30 in Bucharest.

In one of his tests, performed on a Nexus 4 with the screen unlocked and running Android 4.3, after receiving around 30 class 0 , the phone did not respond to taps or attempts to lock the screen. While in that state, the phone was unable to take incoming calls; a manual reboot was necessary. Overall, he said that he found Nexus phones –the Galaxy Nexus, Nexus 4, and Nexus 5—to be vulnerable to multiple SMS attempts which may force the phones to reboot or lose connectivity. The mischief is accomplished if the attacker sends around 30 Flash SMS messages to the phone. (He wanted to see what would happen if sending multiple messages to a device at short intervals.)

Flash SMS messages are displayed on the screen and with this type of exploit, the user who ignores the messages without saving or dismissing actions at once may see the phone lose connectivity or reboot.

According to reports, Alecu contacted Google about the issues. Is it only happening with Nexus phones? Alecu said he tried the attack on other devices with no such results. This does not mean the exploit would be impossible to carry out on smartphones from other vendors but so far he was only able to confirm such effects on Nexus phones. According to PCWorld, "We thank him for bringing the possible issue to our attention and we are investigating," said a Google representative via email.

According to Android Police, "Based on limited testing with devices from various vendors, the vulnerability appears to only affect the Nexus line running on all versions of stock Android through to the current release of KitKat."

The latest news is that a firewall app that addresses the vulnerability is available now in the Google Play store. The ClassOFirewall, from SilentServices, has been designed to help protect against such attacks; as a line of defense, the app limits how many Flash SMS can be received. Values can be set for threshold and block duration. If the number of incoming messages exceeds the defined value the message gets dropped by the Firewall. If a message gets dropped, a toast message appears. Class0Firewall is a Proof of Concept app, according to the description on Google Play, "discovered by Bogdan Alecu. He also came up with the idea for the defense." Due to the SMS API change in Android 4.4 KitKat, the notice added, the Firewall has no effect but an attempt is to be made, said the notice, to find a way around.

Explore further: Nexus 5: Google releases first phone powered by 'Kit Kat' (Update)

More information: defcamp.ro/

Related Stories

Google rolls out new Nexus tablet

Jul 24, 2013

Google on Wednesday unveiled a slim, powerful new Nexus tablet computer, fielding a new Android-driven champion to challenge iPad maker Apple.

Researchers ID 'smishing' vulnerability in Android

Nov 05, 2012

(Phys.org)—Mobile security researchers have identified a new vulnerability in popular Android platforms, including Gingerbread, Ice Cream Sandwich and Jelly Bean. The vulnerability has been confirmed by ...

Recommended for you

Tech firm fined for paying workers $1.21 per hour

14 minutes ago

A Silicon Valley company is paying more than $43,000 in back wages and penalties after labor regulators found eight employees imported from India were being treated like they were in an overseas sweat shop while they were ...

Facebook goes retro with 'Rooms' chat app

24 minutes ago

Facebook on Thursday released an application that lets people create virtual "rooms" to chat about whatever they wish using any name they would like.

Some online shoppers pay more than others, study shows

1 hour ago

Internet users regularly receive all kinds of personalized content, from Google search results to product recommendations on Amazon. This is thanks to the complex algorithms that produce results based on users' profiles and ...

User comments : 0