Flash SMS Flaw Can Remotely Reboot and Exploit Nexus Handsets
A new security exploit affecting several Nexus smartphones has been made public, revealing an error in how the devices handle Flash SMS. The vulnerability can be triggered remotely and can force the device to freeze, reboot, or lose connectivity.
Class 0, or Flash SMS, is a special type of text message defined in the GSM specification that is not stored by the system by default. It makes no audio alert and is typically used just for system alerts. When a flash SMS is received on an Android device, the message takes priority, appearing over any open, active window or app. If the device is a Nexus 4, Nexus 5 or Galaxy Nexus and it receives a couple of flash messages in succession without them being dismissed, the device will start behaving erratically.
The most common response is a random reboot, but the real issue is usually compounded by connectivity problems after power is restored to the handset. In this case, a PIN is required to unlock the SIM card, and the phone won't connect to the network after the reboot. The user may not notice the problem for hours, until they look at the phone and see that it has no mobile network connection. Until then, the phone cannot make or receive calls, send or receive messages, or do anything else that requires a connection.
The exploit creates no immediate and pressing data security concerns and doesn't allow an attacker to take control of the device or access sensitive information. It could still be used to perform attacks just like those used to take websites offline.
By default, Android devices offer no easy way to send flash messages but there are a couple of apps available for users to do so. There is even a flash SMS firewall designed to prevent an attack through this method.
The issue stems from how Nexus devices manage memory storage. The large number of flash messages required (around 30) suggests the device becomes overloaded to the point where the messaging app or the handset itself becomes unresponsive and crashes. Google has already been informed of the issue, and Android 4.3 Jelly Bean is expected to deliver the fix. However, this doesn't seem to be the case because the latest tests show non-Nexus Android devices are not really affected by this problem.
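One way a flash SMS firewall of the kind mentioned above could work, added here as an example and not taken from the article or from any real app: it reads the message class from the TP-DCS octet as laid out in 3GPP TS 23.038 and stops displaying Class 0 messages once too many arrive in a short window. The function and class names, the threshold of 5, and the 60-second window are assumptions.

```python
from collections import deque


def sms_message_class(dcs):
    """Return the message class (0-3) encoded in a TP-DCS octet, or None.

    Covers the 3GPP TS 23.038 coding groups that can carry a class:
    00xx/01xx (general data coding, class valid only when bit 4 is set)
    and 1111 (data coding / message class).
    """
    group = dcs >> 4
    if group <= 0b0111:              # general data coding groups
        return dcs & 0b11 if dcs & 0x10 else None
    if group == 0b1111:              # data coding / message class group
        return dcs & 0b11
    return None                      # message-waiting and reserved groups


class FlashSmsFilter:
    """Drops Class 0 messages once too many arrive inside a time window."""

    def __init__(self, max_pending=5, window_s=60.0):
        self.max_pending = max_pending   # assumed threshold, not from the article
        self.window_s = window_s         # assumed window length in seconds
        self._seen = deque()             # arrival times of displayed flash SMS

    def allow(self, dcs, now):
        """Return True if the message should be shown, False if dropped."""
        if sms_message_class(dcs) != 0:
            return True                  # ordinary SMS is not rate limited
        while self._seen and now - self._seen[0] > self.window_s:
            self._seen.popleft()         # forget arrivals outside the window
        if len(self._seen) >= self.max_pending:
            return False
        self._seen.append(now)
        return True


def run_constructed_sample():
    # Constructed input: (TP-DCS octet, arrival time in seconds).
    flt = FlashSmsFilter(max_pending=5, window_s=60.0)
    burst = [(0x10, t * 0.5) for t in range(30)]   # 30 Class 0 messages in 15 s
    normal = [(0x00, 20.0), (0x11, 21.0)]          # no class, then Class 1
    return [flt.allow(dcs, t) for dcs, t in burst + normal]
```
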




















