Filtered by: Scitech
SciTech

New Windows Phone SMS attack can reboot device, disable messaging


A new potential SMS-based attack on phones running Microsoft's Windows Phone operating system has been discovered, a Microsoft enthusiast site reported.
 
WinRumors said the attack threatens to reboot phones running the Windows Phone OS, and then disable their messaging hubs.
 
"The flaw works simply by sending an SMS to a Windows Phone user. Windows Phone 7.5 devices will reboot and the messaging hub will not open despite repeat attempts," it said.
 
But it said the attack did not appear to be be security-related.
 
Instead, it said the attack indicates the bug is related to the way Windows Phone handles messages.
 
WinRumors said it had tested the attack on a range of Windows Phone devices, including HTC’s TITAN and Samsung’s Focus Flash.
 
Some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720, it noted.
 
WinRumors said the attack did not appear to be device-specific and appears to be "an issue with the way the Windows Phone messaging hub handles messages."
 
Also, it said the bug can be triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient.
 
Other aspects
 
WinRumors said the flaw appears to affect other aspects of the Windows Phone operating system.
 
"If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up," it said.
 
But in this case, it said there is a workaround for the live tile issue: at initial boot-up, one has a short time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.
 
Apple, Google
 
WinRumors said Microsoft rivals Apple and Google have also suffered from SMS bugs with their iOS and Android devices.
 
"Security researcher Charlie Miller discovered a flaw in the iOS 3.0 software that allowed attackers complete control over an iPhone at the time. Android-based phones also suffered in the SMS attack, but attackers could only knock a phone offline rather than gain full access," it said.
 
WinRumors said it is disclosing the bug directly to Microsoft privately, and there does not appear to be a workaround at this time - apart from hard resetting and wiping the device. — TJD, GMA News