BlackBerry can be bitten by DoS attacks

Smart phones using older RIM software are open to remote rebooting, but the flaw's not as bad as first reported.

A flaw that could cause denial-of-service attacks on Research In Motion's BlackBerry handheld devices has been discovered.

The vulnerability affects smart phones running RIM handheld software version 3.7, Service Pack 1, and possibly older versions. The flaw has been fixed in version 3.8 and later, the company said in an advisory posted to its Web site last Thursday.

Security firm Secunia has issued a warning about the vulnerability, which it says "can be exploited by malicious people to cause the device to reboot." The flaw stems from the phone's inability to cope with meeting requests with a location field over 128KB in length. Any request larger than that will cause the phone to reboot, but no data will be lost.

The vulnerability has been rated "not critical" by Secunia, and RIM said it has had no reports of users being affected by the flaw. The security company that originally identified the vulnerability, HexView, claimed that the flaw could be used to execute malicious code on BlackBerry phones. RIM denied that scenario in its advisory.
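A mail-gateway check for the oversized location field described above, as an added example that is not code from RIM, Secunia or HexView. It assumes meeting requests arrive as iCalendar (RFC 5545) text and reads "128KB" as 128 × 1024 bytes; the function names and the sample invite are constructed for illustration.

```python
import re

# Assumption: "128KB" in the advisory coverage means 128 * 1024 bytes.
MAX_LOCATION_BYTES = 128 * 1024

# Constructed sample invite with a folded LOCATION line.
SAMPLE_OK = (
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Weekly sync\r\n"
    "LOCATION;LANGUAGE=en:Conference room 4, \r\n second floor\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

def unfold(ics_text):
    """Undo iCalendar line folding (a line break followed by space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)

def split_property(line):
    """Split 'NAME;params:value' at the first colon outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i], line[i + 1:]
    return line, None

def location_sizes(ics_text):
    """Byte length of every LOCATION value, measured after unfolding."""
    sizes = []
    for line in unfold(ics_text).splitlines():
        name, value = split_property(line)
        if value is not None and name.split(";", 1)[0].strip().upper() == "LOCATION":
            sizes.append(len(value.encode("utf-8")))
    return sizes

def check_meeting_request(ics_text):
    """Return (verdict, largest LOCATION size in bytes)."""
    largest = max(location_sizes(ics_text), default=0)
    verdict = "quarantine" if largest > MAX_LOCATION_BYTES else "deliver"
    return verdict, largest

if __name__ == "__main__":
    print(check_meeting_request(SAMPLE_OK))
```

Measuring after unfolding matters because a folded value is split into short physical lines, so a per-line length limit would never see the full field.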

Viruses designed to infect cell phones have yet to make it big in the wild. What was initially thought to be an outbreak of the so-called Mosquito cell phone virus turned out to be a copy protection feature that went astray. The first real virus, Cabir, was developed as a proof of concept for malware on cell phones, but despite reports of the worm making it into the wild, the virus never managed to spark a large-scale infection.

Jo Best of reported from London.