X

SMS flaw reportedly found in Windows Phone 7.5

A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub, WinRumors reports.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil

Devices running Microsoft's Window Phone are susceptible to a denial-of-service attack that disables their messaging function, a tipster has told WinRumors.com.

A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub (see video below). WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug.

So far, the only solution to the messaging hub bug appears to be a hard reset and wipe of the device.

Devices running on Android and iOS have also suffered from SMS vulnerabilities. At the Black Hat security conference in 2009, security researchers demonstrated how an SMS-related security flaw in the iPhone could allow hackers to take control of the device, allowing them to make calls, send text messages, or almost anything they wanted on the victim's iPhone.

Researchers also uncovered an SMS implementation flaw that they exploited to temporarily crash Android phones, preventing them from receiving or initiating calls or text messages.

Apple and Google patched those vulnerabilities. Microsoft representatives did not immediately respond to a request for comment, but WinRumors says it is working with the tipster to privately reveal the flaw to Microsoft.