Log in

View Full Version : Critical Flaw Leaves Windows Phone OS Vulnerable To SMS Attack

Richard Chao
12-13-2011, 06:34 AM
<div class='os_post_top_link'><a href='http://www.neowin.net/news/windows-phone-suffers-critical-sms-attack' target='_blank'>http://www.neowin.net/news/windows-...ical-sms-attack</a><br /><br /></div><p><em>"SMS attacks aren't just for Android and iOS devices anymore. WinRumors has reported a critical flaw in Windows Phone 7.5 that allows attackers to disable a device by carrying out a denial-of-service (DoS) attack via SMS."</em></p><p><object width="600" height="360" data="http://www.youtube.com/v/vnhzuKcDo6A&amp;feature=player_embedded&amp;ap=%26fmt=18" type="application/x-shockwave-flash"><param name="src" value="http://www.youtube.com/v/vnhzuKcDo6A&amp;feature=player_embedded&amp;ap=%26fmt=18" /></object></p><p>Khaled Salameh, a WinRumors.com reader, has found a fatal flaw in the way Windows Phone OS handles messages leaving WP OS vulnerable to SMS attacks. &nbsp;Worse of all, the flaw is not limited to SMS. &nbsp;It can be triggered by messages received via SMS, Facebook chat or Live Messenger. &nbsp;Furthermore, messages do not have to be opened by the user. &nbsp;A live tile preview of the message is enough to trigger the flaw. &nbsp; &nbsp;</p><p>If triggered, the flaw will cause the device to reboot and the messaging hub to stop working. &nbsp;The only way to get the messaging hub back is to perform a hard reset. &nbsp;It is important to note that this flaw does not allow an attacker to take over a device but to essentially force the user to perform a hard reset. &nbsp; &nbsp;&nbsp;</p><p>Microsoft is aware of the flaw but has yet to issue a fix or workaround.</p>