After iOS And Android, Windows Phones Suffer From SMS Attack
iOS 3.0 was the first to be hit by the SMS attack when Charlie Miller, a security researcher, discovered a bug in the software. The bug led to the complete control of the iPhone by the attacker. When Android was hit, it only led to the knocking of the phone offline without giving the complete control over the phone. And now Microsoft's Windows Phone based devices are under attack disabling the messaging service.
#-Link-Snipped-#
The flaw discovered by #-Link-Snipped-# reader, Khaled Salameh, reports that a simple SMS can prompt denial-of-service on the Windows Phone. Some of the device tested were Windows Phone 7.5 based phones like the HTC Titan and Samsung Focus, but still it is not device specific and can affect any Windows Phone based device. The bug works by simply sending an SMS to the user which will then cause the device to reboot and after the reboot the phone's messaging service would stop working. The same can be caused even when a message is received though Facebook chat or Windows Live Messenger.
Not only the messaging service, other aspects of the operating system are also affected. If a pinned friend on a live tile updates a particular message on Facebook leading to the tile to update, then the phone would lock up. Though there is a cure to this particular issue. The device would allow some time to get through the locked screen and remove the live tile before it is updated and cause any problem.
This particular flaw doesn't seem to be security related and updates fixing this issue can be expected from Microsoft pretty soon. Here's a demo of what we are talking about:
<object width="640" height="360" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="src" value="https://www.youtube.com/v/vnhzuKcDo6A?version=3&hl=en_US" /><param name="allowfullscreen" value="true" /><embed width="640" height="360" type="application/x-shockwave-flash" src="https://www.youtube.com/v/vnhzuKcDo6A?version=3&hl=en_US" allowFullScreen="true" allowscriptaccess="always" allowfullscreen="true" /></object>
Image Source: #-Link-Snipped-#
#-Link-Snipped-#
The flaw discovered by #-Link-Snipped-# reader, Khaled Salameh, reports that a simple SMS can prompt denial-of-service on the Windows Phone. Some of the device tested were Windows Phone 7.5 based phones like the HTC Titan and Samsung Focus, but still it is not device specific and can affect any Windows Phone based device. The bug works by simply sending an SMS to the user which will then cause the device to reboot and after the reboot the phone's messaging service would stop working. The same can be caused even when a message is received though Facebook chat or Windows Live Messenger.
Not only the messaging service, other aspects of the operating system are also affected. If a pinned friend on a live tile updates a particular message on Facebook leading to the tile to update, then the phone would lock up. Though there is a cure to this particular issue. The device would allow some time to get through the locked screen and remove the live tile before it is updated and cause any problem.
This particular flaw doesn't seem to be security related and updates fixing this issue can be expected from Microsoft pretty soon. Here's a demo of what we are talking about:
<object width="640" height="360" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="src" value="https://www.youtube.com/v/vnhzuKcDo6A?version=3&hl=en_US" /><param name="allowfullscreen" value="true" /><embed width="640" height="360" type="application/x-shockwave-flash" src="https://www.youtube.com/v/vnhzuKcDo6A?version=3&hl=en_US" allowFullScreen="true" allowscriptaccess="always" allowfullscreen="true" /></object>
Image Source: #-Link-Snipped-#
0