Windows Phone hit by SMS vulnerability

Summary:SMS message causes device to reboot and disables access to the messaging hub.

A flaw has been discovered in Microsoft's Windows Phone operating system that allows hackers to carry out a denial-of-service attack on the handset.

The flaw was discovered by Khaled Salameh and reported to Winrumors.

The flaw works simply by sending an SMS to a Windows Phone user. Windows Phone 7.5 devices will reboot and the messaging hub will not open despite repeat attempts.

The attack has been tested and shown to work on a range of handsets, including HTC’s TITAN and Samsung’s Focus Flash. Operating system version doesn't seem to matter either, as some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720.

The bug attack can also be triggered by a Facebook chat message:

If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up. Thankfully there’s a workaround for the live tile issue, at initial boot up you have a small amount of time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.

Here's a video of the attack in action:

The flaw has been reported to Microsoft.

Topics: Hardware, Collaboration, Enterprise Software, Microsoft, Mobility, Security, Telcos, Windows

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.