Wow! That was a day. On December 03, 2013 Google as well as AndroidPit decided to remove (final decision) HushSMS from their stores. AndroidPit didn’t even send me an email or something. Google complained about some policy violations like that it’s a dangerous app. Well that’s bullshit. In coincidence they have patched the Class0 SMS vulnerability in the android source (https://android-review.googlesource.com/#/c/71102/) discovered by Bogdan Alecu a few hours before they pulled HushSMS from the Play Store.
A few days before that all Bogdan came up with the idea of writing a protection app for the vulnerability prior to making it public during DefCamp. I wrote the app (Class0Firewall) and released it for free and of course without ads in the Google Play Store so that owners of the vulnerable Nexus devices can protect themselves.
Hey Google, that’s not the right way to say: “Thank you for protecting my Nexus Device customers.”
What disturbs me most is the fact that there are other SMS programs in the Play Store that are able to send Flash or Class0 messages. HushSMS is nothing illegal nor abuses it the GSM network. Come on Google, read the 3GPP TS23.040 Technical realization of the Short Message Service and the OMA WAP Papers. Compare the specifications to the features of HushSMS and discover that there is nothing dangerous with it. Sorry Google, I forgot that it’s easier to remove something than to use the brain device and think.
Leave a Reply
You must be logged in to post a comment.