Microsoft Windows Phone engineers are reviewing a report that various messaging technologies can be used to send the phone into a reboot and then freeze its messaging centre, or hub.
Currently, the only “fix” is a hard reset and wipe of the phone, according to WinRumors.com, which reported the attack on December 13, after it was contacted by a Windows Phone user who discovered the problem. A short video by WinRumors’ Tom Warren shows the results of the attack but no details of how it actually succeeds.
The website says it is talking privately with Microsoft about what it found.
Though now widely labelled an SMS attack, the WinRumors story discloses the problem can be triggered also by messages created with Facebook chat or Windows Live Messenger. “The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages,” writes Warren.
It’s not clear from Warren’s account whether there’s a bug in the OS that’s randomly triggered by any of these messages, or whether the message has to be somehow deliberately designed to leverage the flaw.
“The flaw appears to affect other aspects of the Windows Phone operating system too. If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up,” Warren reported. There is a short time during initial boot up when a user can “get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.”
Microsoft issued a generic statement about the reported attack via a spokesman’s email to PhoneScoop.com: “We are aware of the issue and our engineering teams are examining it now. Once we have more details, we will take appropriate action to help ensure customers are protected.”
View full post on National Cyber Security » Computer Hacking