Windows Phone Denial of Service Attack Vulnerability

Wednesday, December 14, 2011

Dan Dieterle


A specially crafted SMS text or Facebook chat message can disable the Windows Phone Messaging Hub, according to Winrumors.com:

"The flaw works simply by sending an SMS to a Windows Phone user. Windows Phone 7.5 devices will reboot and the messaging hub will not open despite repeat attempts. We have tested the attack on a range of Windows Phone devices, including HTC’s TITAN and Samsung’s Focus Flash. Some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720."

A demo of the vulnerability can be viewed on YouTube here:

"The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages. The bug is also triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient," the Winrumors.com post noted.

The malicious text message causes the Windows Phone to reboot, and then when it is back up, the Messaging Hub is no longer accessible.

"The flaw appears to affect other aspects of the Windows Phone operating system too. If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and cause the device to lock up. Thankfully there’s a workaround for the live tile issue, at initial boot up you have a small amount of time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device," Winrumors.com continued.

The vulnerability has been reported to Microsoft, but as of now there is no fix for the problem other than hard resetting and wiping the phone.

"WinRumors reader Khaled Salameh discovered the flaw and reported it to us on Monday. We are in the process of disclosing the bug directly to Microsoft privately in co-operation with Khaled. At this stage there doesn’t appear to be a workaround to fix the messaging hub apart from hard resetting and wiping the device," Winrumors.com stated.

Fun, fun – Whose idea was it to make our cell phones into computers? Didn’t they realize that with the benefits of computers also come the pitfalls?

Cross-posted from Cyber Arms
