Follow Marshall Honorof @marshallhonorof and on Google+.
A newly discovered vulnerability in Android devices could flood your phone with useless, unavoidable text messages, and render your phone temporarily unusable. Google's own Nexus line of products, unfettered by third-party carrier software, appears to be the most vulnerable.
Bogdan Alecu, a Romanian IT researcher, discovered the flaw and presented his findings at the DefCamp security conference in Bucharest on Nov. 29. By taking advantage of a protocol meant to share high-priority text messages, an interloper could turn a fully functional Android phone into a very expensive paperweight — at least until a system restart.
Here's how it works: Mobile devices (including Android systems) can communicate via a protocol called Short Message Service (SMS), which allows users to send short bursts of text to and from one another. In everyday life, this most often manifests itself in the form of text messages.
Android prioritizes different kinds of text messages, and the most urgent is called Class 0. The content in this type of message must be of life-or-death urgency (like a severe-weather warning or missing-child alert), as it will supersede all other phone functions, including phone calls.
By using software that allows a modified modem to send messages directly (without the aid of a computer or a mobile device), Alecu discovered that he could write anything he wanted and set it as a Class 0 message.
This discovery has the capacity to be troublesome on its own. Imagine being knocked off an important call to get a message saying "Hey!" or receiving an impending flood warning on a bright, sunny day. Worse still, someone could impersonate a government agency and spread hoax warnings.
Alecu's biggest find, however, concerned the number of Class 0 messages an Android device could receive. Receiving two messages at once taxes the system, but Alecu discovered that upon reaching 30 simultaneous Class 0 messages, an Android device locks up completely.
When faced with 30 Class 0 messages, an Android device running the 4.3 Jelly Bean operating system will stop the Messaging application entirely and reboot itself without any service. This means that if a phone is locked with a PIN, the device will be completely useless until a user manually reconnects it to the network.
Even though it's not the end of the world if you have to reconnect your phone to your carrier's network, unless you're the type who checks your phone compulsively, you could go hours without realizing that people have been trying to get in touch with you. This is not an ideal situation if, for example, you are a parent or a high-ranking military official.
Although Google is still addressing the issue (Alecu has confirmed that the vulnerability also exists in Android 4.4 KitKat), there is a workaround in the meantime. The free Class0Firewall app from Silent Services allows users to program how many Class 0 messages they can receive at once before their phones block further communications.
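A threshold filter of the kind described above can be sketched as follows. This is an added example, not code from Class0Firewall or from the article: `message_class`, `Class0Limiter` and `replay` are hypothetical names, the limit and window values are arbitrary, and the class bits are read from the SMS data-coding-scheme octet as laid out in 3GPP TS 23.038, which the article does not cover.

```python
from collections import deque


def message_class(dcs: int):
    """Return the SMS message class (0-3) encoded in a TP-DCS octet, or None.

    Bit layout follows 3GPP TS 23.038 (an assumption; not from the article).
    """
    if (dcs & 0x80) == 0:                 # coding groups 00xx and 01xx
        # Bit 4 says whether bits 1..0 actually carry a message class.
        return (dcs & 0x03) if (dcs & 0x10) else None
    if (dcs & 0xF0) == 0xF0:              # "data coding / message class" group
        return dcs & 0x03
    return None                           # remaining groups carry no class


class Class0Limiter:
    """Hypothetical filter: accept at most `limit` Class 0 SMS per time window."""

    def __init__(self, limit=5, window_s=60.0):
        self.limit, self.window_s = limit, window_s
        self._seen = deque()              # arrival times of accepted Class 0 SMS
        self.dropped = 0

    def allow(self, dcs: int, now: float) -> bool:
        if message_class(dcs) != 0:
            return True                   # ordinary messages are never throttled
        while self._seen and now - self._seen[0] >= self.window_s:
            self._seen.popleft()          # forget arrivals outside the window
        if len(self._seen) >= self.limit:
            self.dropped += 1             # over the threshold: block this one
            return False
        self._seen.append(now)
        return True


def replay(events, limit=5, window_s=60.0):
    """Feed (timestamp, dcs) pairs to the limiter; return (delivered, dropped)."""
    lim = Class0Limiter(limit, window_s)
    delivered = sum(lim.allow(dcs, ts) for ts, dcs in events)
    return delivered, lim.dropped


# Constructed sample: 30 Class 0 messages (DCS 0x10) inside three seconds,
# two ordinary messages (DCS 0x00), then one Class 0 after the window expires.
BURST = [(i * 0.1, 0x10) for i in range(30)] + [(3.0, 0x00), (3.1, 0x00), (120.0, 0x10)]

if __name__ == "__main__":
    print(replay(BURST))
```

The limiter only throttles messages whose data-coding octet marks them as Class 0, so normal texts arriving during a burst are still delivered.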
The odds of this happening are relatively slim, especially because a potential malefactor would need to acquire your phone number and have some insidious plan that relies on you not looking at your phone for a long period of time.
Nonetheless, it still represents a vulnerability, and you'll have to protect yourself until Google decides to patch it.
Copyright 2013 Toms Guides, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.