Windows Phone hit by SMS vulnerability

SMS message causes device to reboot and disables access to the messaging hub.

A flaw has been discovered in Microsoft's Windows Phone operating system that allows hackers to carry out a denial-of-service attack on the handset.

The flaw was discovered by Khaled Salameh and reported to Winrumors.

The flaw works simply by sending an SMS to a Windows Phone user. Windows Phone 7.5 devices will reboot and the messaging hub will not open despite repeat attempts.

The attack has been tested and shown to work on a range of handsets, including HTC’s TITAN and Samsung’s Focus Flash. Operating system version doesn't seem to matter either, as some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720.

The bug attack can also be triggered by a Facebook chat message:

If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up. Thankfully there’s a workaround for the live tile issue, at initial boot up you have a small amount of time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.

Here's a video of the attack in action:

The flaw has been reported to Microsoft.

Editorial standards