Bogdan Alecu, a system administrator at Dutch IT services company Levi9, reportedly found that the vulnerability can occur when an attacker sends about 30 so-called Flash SMS messages -- messages that appear immediately on the phone's screen on arrival -- to the Galaxy Nexus, the Nexus 4, or the Nexus 5. If the messages aren't promptly dismissed, it opens the phones up for attack. Alecu plans to present his findings Friday at the DefCamp security conference in Bucharest, Romania.
One of the problems Nexus users face is that they won't be automatically alerted with an audio tone when a Flash SMS message is received, which could allow an attacker to send a lot of them quickly before they're noticed or dismissed, PC World reports.
According to Alecu, the SMS overload can result in several issues, including the phone rebooting, which is the most likely outcome. In that case, if a PIN is required to unlock the SIM card, the phone won't connect to the network after rebooting. Another problem that can occur is that the messaging app crashes, but the system then automatically restarts it.
Alecu told PC World that while the issue appears to affect the latest Nexus smartphones running Android versions Ice Cream Sandwich through KitKat, it hasn't worked on other phones he's tested.
We've reached out to Google for comment on how the company plans to address the issue and will update this post when we learn more. Alecu told PC World that he reported the issue to Google, but that it hasn't yet been addressed.