Class0Firewall for SMS attack protection lands in Google Play

Dec 03, 2013 by Nancy Owano weblog

(Phys.org) —Last month, news of smartphone vulnerabilities ended with more of a bang than a whimper when Bogdan Alecu, a system administrator at Levi9 and, also, an independent security researcher, presented his findings about Nexus phones at DefCamp. This is a key conference on information security, and it ran from November 29 to November 30 in Bucharest.

In one of his tests, performed on a Nexus 4 with the screen unlocked and running Android 4.3, after receiving around 30 class 0 , the phone did not respond to taps or attempts to lock the screen. While in that state, the phone was unable to take incoming calls; a manual reboot was necessary. Overall, he said that he found Nexus phones –the Galaxy Nexus, Nexus 4, and Nexus 5—to be vulnerable to multiple SMS attempts which may force the phones to reboot or lose connectivity. The mischief is accomplished if the attacker sends around 30 Flash SMS messages to the phone. (He wanted to see what would happen if sending multiple messages to a device at short intervals.)

Flash SMS messages are displayed on the screen and with this type of exploit, the user who ignores the messages without saving or dismissing actions at once may see the phone lose connectivity or reboot.

According to reports, Alecu contacted Google about the issues. Is it only happening with Nexus phones? Alecu said he tried the attack on other devices with no such results. This does not mean the exploit would be impossible to carry out on smartphones from other vendors but so far he was only able to confirm such effects on Nexus phones. According to PCWorld, "We thank him for bringing the possible issue to our attention and we are investigating," said a Google representative via email.

According to Android Police, "Based on limited testing with devices from various vendors, the vulnerability appears to only affect the Nexus line running on all versions of stock Android through to the current release of KitKat."

The latest news is that a firewall app that addresses the vulnerability is available now in the Google Play store. The ClassOFirewall, from SilentServices, has been designed to help protect against such attacks; as a line of defense, the app limits how many Flash SMS can be received. Values can be set for threshold and block duration. If the number of incoming messages exceeds the defined value the message gets dropped by the Firewall. If a message gets dropped, a toast message appears. Class0Firewall is a Proof of Concept app, according to the description on Google Play, "discovered by Bogdan Alecu. He also came up with the idea for the defense." Due to the SMS API change in Android 4.4 KitKat, the notice added, the Firewall has no effect but an attempt is to be made, said the notice, to find a way around.

Explore further: Nexus 5: Google releases first phone powered by 'Kit Kat' (Update)

More information: defcamp.ro/

Related Stories

Google rolls out new Nexus tablet

Jul 24, 2013

Google on Wednesday unveiled a slim, powerful new Nexus tablet computer, fielding a new Android-driven champion to challenge iPad maker Apple.

Researchers ID 'smishing' vulnerability in Android

Nov 05, 2012

(Phys.org)—Mobile security researchers have identified a new vulnerability in popular Android platforms, including Gingerbread, Ice Cream Sandwich and Jelly Bean. The vulnerability has been confirmed by ...

Recommended for you

Team infuses science into 'Minecraft' modification

11 hours ago

The 3-D world of the popular "Minecraft" video game just became more entertaining, perilous and educational, thanks to a comprehensive code modification kit, "Polycraft World," created by University of Texas at Dallas professors, ...

Microsoft's Garage becomes an incubator of consumer apps

13 hours ago

For five years now, The Garage has served as Microsoft's incubator for employees' passion projects, an internal community of engineers, designers, hardware tinkerers and others from all different parts of the company who ...

Students win challenge for real-time traffic app

14 hours ago

Three University of Texas at Arlington Computer Science and Engineering students have won a $10,000 prize in the NTx Apps Challenge for a smart traffic light network that adjusts traffic light schedules to ...

Blink, point, solve an equation: Introducing PhotoMath

Oct 22, 2014

"Ma, can I go now? My phone did my homework." PhotoMath, from the software development company MicroBlink, will make the student's phone do math homework. Just point the camera towards the mathematical expression, ...

User comments : 0