Windows Phone vulnerable to SMS attack - Update

According to a report from WinRumors, the Messaging Hub on Windows Phone 7.5 "Mango" devices can be completely disabled using a specially crafted SMS message. When a Windows Phone device receives the message, it causes the device to reboot and prevents the Messaging Hub from loading despite repeat attempts to open it. This Denial-of-Service (DoS) attack can also be exploited by sending a message from Facebook chat or Windows Live Messenger to the phone.

WinRumor's Tom Warren says that the only way to fix a device affected by the problem is to perform a hard reset and wipe the device, during which all personal data will be lost. The news site tested the attack on several phones such as the HTC TITIAN and the Samsung Focus Flash. These included devices running the 7740 build (7.10.7740.16) of Windows Phone 7.5 and Mango RTM build 7720 (7.10.7720.68). However, it is not clear from the report if older versions of Windows Phone are also affected.

Access to the Messaging Hub can be disabled via an SMS message

The flaw was discovered by Khaled Salameh and provided to WinRumors on Monday. Exact details of the exploit have yet to be disclosed. WinRumors and Salameh have reported the issue to Microsoft. If and when a patch will be released to fix the issue is unclear.

This isn't the first time a mobile phone platform has been affected by malicious SMS messages. In the past, phones from, for example, Nokia and Apple have been vulnerable to SMS and MMS attacks that allowed attackers to disable features or take control of a device.

Update: Speaking to The Verge, Microsoft has confirmed the messaging flaw in Windows Phone and said that it is working on a fix.

See also:

• 27C3 presentation claims many mobiles vulnerable to SMS attacks, a report from The H.

(crve)