Windows Phone 7.5 susceptible to SMS hack

          Phones running Microsoft's newly released Windows Phone 7.5 mobile operating system are vulnerable to having their text messaging service's knees kicked off in a denial of service attack. The flaw is simple as pie to exploit: An attacker simply sends an SMS to a Windows Phone user. According to WinRumors's tests, Windows Phone 7.5 devices will reboot, but the messaging hub will fail to load even after multiple attempts.

           WinRumors's Tom Warren reported that they tested the attack on a range of Windows Phone devices, including HTC’s TITAN and Samsung’s Focus Flash, with some of the devices running the 7740 version of Windows Phone 7.5 and others on Mango RTM build 7720. The bug isn't fussy about which device you have, Warren says; rather, it comes down to how the Windows Phone messaging hub handles messages. He notes that messages sent via Facebook chat or Windows Live Messenger also trigger the bug.

WinRumors reported that the flaw was discovered by Khaled Salameh, a self-proclaimed "geek" from Jordan who reported it to the blog on Monday.

WinRumors's Warren says the flaw seeps out to pollute other nooks and crannies in the Windows phone operating system, as well. To wit:

If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up. Thankfully there’s a workaround for the live tile issue, at initial boot up you have a small amount of time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.

WinRumors is now disclosing the bug to Microsoft in cooperation with Khaled but reported that there doesn't yet seem to be a workaround to fix the messaging hub, aside from a hard device reset and wiping the device.

Posted in: Zero-day vulnerabilities