Google fixes SMS crashing bug in mobile OS
Google last week updated its Android mobile phone software, following the discovery of a potentially nasty pair of denial of service bugs.
The first of the two bugs creates a means for hackers to kick an Android phone off a mobile network and force a restart via a malformed SMS message. Dodgy text would contain a badly formatted WAP Push message that causes an exception on phones running the open source-based software, triggering a restart.
The second vulnerability involves tricking a user into downloading and running a malicious application that hooks into Android's (vulnerable) Dalvik API. This API function contains a security bug that means a system restart can be forced.
Users are advised to upgrade to Android 1.5 CBDxx, CRCxx and COCxx, as explained in an advisory by oCERT here. oCERT is an organisation that handles security disclosure for open-source projects. ®