Windows Phone hit by SMS vulnerability
Summary: SMS message causes device to reboot and disables access to the messaging hub.
A flaw has been discovered in Microsoft's Windows Phone operating system that allows hackers to carry out a denial-of-service attack on the handset.
The flaw was discovered by Khaled Salameh and reported to Winrumors.
The flaw is triggered simply by sending an SMS to a Windows Phone user. Windows Phone 7.5 devices will reboot and the messaging hub will not open despite repeated attempts.
The attack has been tested and shown to work on a range of handsets, including HTC’s TITAN and Samsung’s Focus Flash. The operating system version doesn't seem to matter either: some devices were running the 7740 version of Windows Phone 7.5, while others were on Mango RTM build 7720.
The bug can also be triggered by a Facebook chat message:
If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and cause the device to lock up. Thankfully there’s a workaround for the live tile issue: at initial boot up you have a small amount of time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.
Here's a video of the attack in action:
The flaw has been reported to Microsoft.
Talkback
RE: Windows Phone hit by SMS vulnerability
It doesn't matter...if your Facebook account is linked to your phone and the tile updates with the post containing the invalid characters, it'll crash the phone. The issue is with the subsystem responsible for displaying the content on the tiles. It appears that certain strings of text cause an out-of-bounds condition where it can store the message, but is unable to display it. This results in a crash of the tile when attempting to access it.
RE: Windows Phone hit by SMS vulnerability
In other words troll elsewhere.
RE: Windows Phone hit by SMS vulnerability
Why am I not surprised
Expect BSOD, viruses and unexpected crashes to be commonplace with these devices.
RE: Windows Phone hit by SMS vulnerability
Until you can actually sit in an environment with thousands of people ranging from all computer skills and offer me an OS that is able to be used by each and every one of them with the same simplicity, usability, familiarity, support, range of peripherals and overall stability, you can shove that fan-boy garbage right down your throat.
I absolutely love my Android phone, but WM7 is a fine piece of work and worthy of praise, not fan-boy ignorance.
And you sir ignore history
Microsoft has a mile, at least, long row of unreliable code which has also allowed for a virus plague (hopefully) forever unique in computer history.
Here in southern Sweden our hospitals got attacked by malware and it was pure luck no one got hurt because the infections reached all the way into vital equipment.
According to Computer Economics, support for that second rate platform is extremely expensive, 13 or 14 billion dollars each year globally.
And you can call this quality with a straight face?
RE: Windows Phone hit by SMS vulnerability
Why on earth would you have vital hospital equipment in a situation where it could be infected in the first place? Were the Windows systems actually patched or was this a zero day exploit?
It sounds to me more like a failure of your IT staff than of Windows. Trusting your network security, especially a hospital, to just the single OS is incredibly stupid. Security has to be a multi-tiered network. Why weren't IPS systems in place between the user network that has access to the internet and the vital equipment? Poor network design.
No OS will save you from poorly trained or poorly funded IT departments.
How can you say that with a straight face?
And you are surprised that computer support for the #1 platform in the world is expensive? Of course it is expensive. Windows is installed on over a billion computers and on more servers than any other single OS (it takes every Linux distro combined to even match 1 version of Windows). If the cost is $13 billion a year globally that works out to $13 per Windows computer per year. Thanks for proving just how low the TCO is on Windows.
Mikael_z, you sir ignore history
Since you tend to always ignore similar vulnerabilities that hit iOS and Android.
Do you have a good explanation for that, or will you just not comment, which is your norm? ;)
RE: Windows Phone hit by SMS vulnerability
Well, Linux, now, but that still doesn't excuse Mikael_z's flamebait. Also, including "familiarity" in that list is an improper qualification for obvious reasons.
RE: Windows Phone hit by SMS vulnerability
That sounds more like an IT failure on the part of your hospital staff than anything Windows related. Nor is Windows the only OS that is vulnerable to malware as both Linux and Mac OSX have had verified malware issues. Why can't you ABMer frothing at the mouth zealots get your facts straight?
RE: Windows Phone hit by SMS vulnerability
Agreed, I'm an Apple "fanboy" (have an iPhone, iPad and a Mac) but I really think that WM7 is a nice addition to the smartphone market.
Please tone down your comments.
You can say mounds about your hate for Apple and your love for Microsoft but it's no secret that this bug is a puerile one.
To have your phone locked by some invalid characters is not a vulnerability, it's a blatant bug which needs immediate correction.
As I have always said, Windows Phone 7 is a "flashy" interface stunt [mark my words] using Silverlight for Windows Embedded on top of a crappy OS called Windows Embedded Compact 6.0 R3 (which used to be called Windows CE, but that name was changed because it stacked up right next to Vista on OEMs minds).
Android and iOS, on the other hand, are built on top of proven technology. iOS has a micro kernel based on Carnegie Mellon's Mach 3, with BSD extensions and a complete DriverKit. Android is pure Linux with real-time modifications and a new filesystem.
Although most people celebrate Jobs for his intuitive UIs and heavy marketing style, you should also know that NeXT was built by a top brass of experts and iOS is just the great-grandson of all these efforts, ported to a very stable ARM Cortex A8/A9.
RE: Windows Phone hit by SMS vulnerability
The very nature of your comment proves only one thing: you have absolutely no clue about what you're talking about.
Please, educate yourself and then, consider posting something worthy.
RE: Windows Phone hit by SMS vulnerability
http://www.electronista.com/articles/11/11/07/researcher.claims.to.have.spotted.serious.flaw/
Apple can't write a single decent piece of code.
Expect BSOD, viruses and unexpected crashes to be commonplace with these devices.
LOL! He'll remain quiet on that.
Odd we never hear from him when it's an Android/Linux or iOS/OS X problem.
I wonder why? ;)
RE: Windows Phone hit by SMS vulnerability
Has Microsoft issued a fix or workaround yet?