Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability

Google has patched a previously disclosed issue in its Nexus line of phones that could have opened a user up to a nasty series of SMS-based denial of service attacks.

Google has patched a previously disclosed issue in its Nexus line of phones that could have opened users up to a nasty series of SMS-based denial-of-service attacks.

The company pushed the fix out alongside version 4.4.2 of Android on Monday to the Nexus 4, 5, 7 and 10 devices.

According to FunkyAndroid.com, a British site that parses Android Open Source Project code each Android update and creates a changelog, 4.4.2 brings a fix for “d00f7cd : Android denial of service attack using class 0 SMS messages.”

The denial of service attack was first brought to light by researcher Bogdan Alecu at a security conference in Bucharest, Romania at the end of November. Before the update an attacker could have sent a barrage of Flash, or Class 0 SMS messages to a Nexus device and cause it to restart, freeze or lose its connection to the mobile internet.

Those Flash SMS messages previously just piled up, one after the other on device screens and led to the aforementioned problems. Going forward the messages will be displayed one at a time and queued until users dismiss them.

Google’s fix comes almost six months after Alecu claims the company promised it to him and more than a year after Alecu, who also works as a system administrator at the Dutch IT firm Levi9, found the bug initially.

The 4.4.2 update also fixes a separate denial of service vulnerability that stemmed from when devices received 0-byte WAP push messages and brought a few cosmetic changes to devices including several camera tweaks like better white balancing, less shutter lag, and more accurate focusing.

Suggested articles