SMS attacks aren't just for Android and iOS devices anymore. WinRumors has reported a critical flaw in Windows Phone 7.5 that allows attackers to disable a device by carrying out a denial-of-service (DoS) attack via SMS.
The flaw was first discovered by WinRumors reader Khaled Salameh, who reported it to them last Monday, and it has been reported to Microsoft. As of now, though, there's no fix or workaround to fix the issue.
The attack, which isn't device specific, works by simply sending an SMS to a Windows Phone user. The device will reboot and the messaging hub will not work, and it can also be triggered if a user sends a message through Facebook chat or Windows Live Messenger.
Worse, it affects other parts of the operating system as well. If you have a friend pinned as a live tile on your device, and that friend posts a particular message on Facebook, then the live tile will update and cause the device to lock up. Luckily, there is a workaround for this particular issue, since you have a small amount of time when you first cut the device on to get past the lock screen and get rid of the live tile before it can flip over and start causing problems.
You can also be thankful that the flaw is not security related. It seems to just be a bug with the way Windows Phone handles messaging, rather than anything more sinister. iOS 3.0 suffered from a much more dangerous SMS flaw, which allowed hackers to take total control over the device. If your device is affected, it looks like the only option you have right now is to do a hard reset and wipe the device, but since it's such a serious problem, there's a good chance that we'll be seeing a patch from Microsoft very soon.
See it in action below, courtesy of WinRumors:
107 Comments - Add comment