In association with heise online

02 January 2007, 17:39

MMS executes (mal)code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

At 23C3, security expert Collin Mulliner has released a demonstration exploit for the hole he made public six months ago, in the MMS processing of PocketPCs. Manufacturers have so far failed to react to his warnings. Up to now, the code has only worked on HP's iPAQ h6315 and the i-mate PDA2k, and even then, only when you have correctly guessed the memory slot and made the appropriate settings.

Nonetheless, this revelation means that worms that automatically spread themselves on smartphones via MMS have come one step closer. We can only hope that manufacturers of these devices will get moving and provide security patches and updates for these miniature computers. Mulliner says that the vendors of the MMS software affected -- Microsoft and Arcsoft -- sent upgraded versions of the software to OEMs months ago. But making such updates available to would only be the first step; at some point, the updates are going to have to make their way to individual customers and their devices. And what smartphone owner regularly installs patches?

See also:

(trk)

Print Version | Send by email | Permalink: http://h-online.com/-732048
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit