Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity

    Windows Phone Vulnerable to Malicious SMS Messages, Facebook Chats

    By
    Fahmida Y. Rashid
    -
    December 13, 2011
    Share
    Facebook
    Twitter
    Linkedin

      A new attack uses malicious SMS messages to disable the messaging hub on Windows Phone devices, according to researchers.

      The SMS message exploits a flaw in how the Windows Phone mobile platform handles messages to trigger a denial-of-service attack that can disable all messaging functionality on the device, WinRumors reported Dec. 12.

      A factory reset is the only way to fix the problem and restore access to the messaging hub. The bug, discovered by WinRumors reader Khaled Salameh, has already been reported to Microsoft.

      The malicious text causes the phone to reboot and then cuts access to the messaging hub, a centralized area where users can view all text and instant messages received on Windows Phone, according to a video posted on YouTube demonstrating the attack. The vulnerability can also be triggered by a Facebook chat or a message sent using Windows Live Messenger. The text can also be used to crash the email app, Facebook and hang the entire phone, according to Salameh.

      “I have a specific text, that if shared with a Windows Phone 7, will cause (this) device to crash indefinitely!” Salameh posted on Twitter.

      The flaw also affects the “live tile” functionality on the operating system. If a user pinned a friend as a live tile and that friend posts a particular type of message on Facebook, the live tile would automatically update and cause the device to lock up, according to WinRumors.

      It’s not clear what the message’s content has to be to trigger the flaw, but it appears the live tile issue may involve using a “weird font,” according to Salameh’s Twitter feed. The flaw may be XAML-based, but Salameh declined to provide additional details on Twitter, saying, “Disaster if this thing goes to the wild!”

      Salameh said Dec. 13 the attack does not work on iOS devices, but he was still in the middle of testing Android devices. The same malicious text can also crash various Microsoft programs, including Visual Studio 2010, Expressions Blend and Microsoft Help Viewer, he said.

      WinRumors tested the attack on a range of Windows Phone devices, including the HTC Titan and the Samsung Focus Flash. Some devices were running the 7440 version of Windows Phone 7.5 while others were on Mango RTM build 7720, according to the site. The issue does not appear to be device-specific.

      Windows Phone isn’t the first platform to be hit by text message viruses. Security researcher Charlie Miller discovered a SMS flaw way back in iOS 3.0 that allowed attackers complete control over the iPhone with a malicious text message. Apple closed the flaw in a security update. SMS attacks on Android devices generally knock the phone offline rather than giving remote access or trick users into sending messages to prime rate numbers.

      However, the timing of the SMS flaw is a little unfortunate for Microsoft, who is currently in the middle of a free Windows Phone giveaway on Twitter. The marketing campaign, with the Twitter hashtag #droidrage, will give free phones to five people who post the worst stories about their Android experiences on the microblogging site.

      “Share your android malware story (there’s lots going around) and you could win a Windows Phone upgrade,” Ben Rudolph, Microsoft’s Windows Phone and Windows PC evangelist, wrote on Twitter. It’s not known which of the Windows Phone handsets currently on the market would be part of the giveaway.

      The #droidrage campain was a “somewhat below-the-belt” attempt to highlight the possible security deficiencies of Android rather than the benefits of Windows Phones, Graham Cluley, senior consultant at antivirus firm Sophos, wrote on the Naked Security blog. Microsoft must be pretty happy to “find the malware boot on the other foot for once,” he wrote, referring to how Windows has a bigger proportion of malware targeting the operating system than Unix or Mac systems.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×