The guys over at PCWorld caught wind late last week of a possible vulnerability discovered by Bogdan Alecu, which causes Nexus devices to reboot as a result of an SMS overload. This is similar to what people would experience with their websites if someone were to DDoS their site. In the case of the Nexus devices, it causes the device to force restart without the user’s control.
According to Bogdan, the vulnerability is tied directly to any Nexus device running Android 4.0 or higher and covers the Galaxy Nexus, Nexus 4 and Nexus 5. Since the Nexus 7 and Nexus 10 can’t do SMS, these device are not vulnerable to this exploit. This is one of the most common behaviors that users would experience once at least 30 Class 0 SMS messages have been sent to the device. Alecu stated that there is no specific behavior, but it causes the phone to act erratically and in most cases a reboot will occur and the user will have no idea that it happened.
Once the device reboots, a whole host of things can occur to the device including loss of network or inability to communicate any any external servers even when communicating with the network. Some users may experience app crashing or the inability to make or receive calls in addition to all of the other issues. Google has been made aware of the issue and have not confirmed or denied the existence of such an exploit. But we believe that Google will likely patch this issue with their next update to Android 4.4 Kit Kat.
In our experiences with the Nexus 5, we haven’t had this issue happen, but we will test it on the Nexus 5, Nexus 4 and Galaxy Nexus to confirm whether or not we can reproduce it ourselves. Hopefully this is the only broadly sweeping exploit of the device and it doesn’t seem to grant any root access or access to the user’s data so there aren’t any privacy concerns regarding this exploit.