Tuesday, 13 December 2011

Windows Phone SMS bug leaves handsets open to attack


A bug within the Windows Phone 7 operating system has been uncovered which can be exploited by attackers, allowing a Denial of Service attack to be sent via SMS which will disable messaging on the device.
This flaw is apparently targeted at Windows Phone 7.5 devices, which on receiving the attack will reboot and permanently disable the messaging hub. The only way around it seems to be a hard resetting and wiping of the device.
The chaps at winrumors had been contacted by one of their readers, Khaled Salamed, who discovered the bug and in tests discovered that the attack doesn't appear to be targeting specific devices. It also emerged that the bug is triggered if Facebook Windows Live Messenger is used to send a chat message.
SMS attacks are not just a problem for users of Windows Phone 7 as both iOS and Android have been on the receiving end of similar SMS-based attacks before. This attack, however, does not seem to pose a security risk as it looks to be concentrated around the way the phone handles messages and does not appear to affect other areas of your device.
Currently winrumors and Salamed are working with Microsoft to resolve the bug.

No comments:

Post a Comment