Monday, December 12, 2011
Posted by Richard Chao in "Windows Phone News" @ 10:34 PM
"SMS attacks aren't just for Android and iOS devices anymore. WinRumors has reported a critical flaw in Windows Phone 7.5 that allows attackers to disable a device by carrying out a denial-of-service (DoS) attack via SMS."
Khaled Salameh, a WinRumors.com reader, has found a fatal flaw in the way Windows Phone OS handles messages leaving WP OS vulnerable to SMS attacks. Worse of all, the flaw is not limited to SMS. It can be triggered by messages received via SMS, Facebook chat or Live Messenger. Furthermore, messages do not have to be opened by the user. A live tile preview of the message is enough to trigger the flaw.
If triggered, the flaw will cause the device to reboot and the messaging hub to stop working. The only way to get the messaging hub back is to perform a hard reset. It is important to note that this flaw does not allow an attacker to take over a device but to essentially force the user to perform a hard reset.
Microsoft is aware of the flaw but has yet to issue a fix or workaround.