X
Tech
Home Tech Hardware

Windows Phone hit by SMS vulnerability

SMS message causes device to reboot and disables access to the messaging hub.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

13-12-2011-13-31-53.png
A flaw has been discovered in Microsoft's Windows Phone operating system that allows hackers to carry out a denial-of-service attack on the handset.

The flaw was discovered by Khaled Salameh and reported to Winrumors.

The flaw works simply by sending an SMS to a Windows Phone user. Windows Phone 7.5 devices will reboot and the messaging hub will not open despite repeat attempts.

The attack has been tested and shown to work on a range of handsets, including HTC’s TITAN and Samsung’s Focus Flash. Operating system version doesn't seem to matter either, as some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720.

The bug attack can also be triggered by a Facebook chat message:

If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up. Thankfully there’s a workaround for the live tile issue, at initial boot up you have a small amount of time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.

Here's a video of the attack in action:

The flaw has been reported to Microsoft.

Editorial standards
Show Comments

Related

logi-ai-prompt-builder-mx-setup

Logitech mouse and keyboard users are getting a free AI upgrade

Installing Deepin desktop on Ubuntu.

Don't like your Linux desktop? Here's how to install an alternative

GOTRAX 4 electric scooter

The most charming projector I've tested has now replaced my TV for movie nights