SMARTPHONE HOPEFUL Microsoft is in the familiar position of having to patch a security flaw, though this time its Windows Phone operating system has an SMS denial-of-service vulnerability.
Microsoft's Windows Phone operating system has been relatively free of security vulnerabilities, but most will assume that is due to its lack of popularity rather than Microsoft's legendary bulletproof coding. Now security researchers have discovered that Windows Phone 7.5 has a vulnerability that could let an attacker disable the phone's messaging subsystem simply by sending a SMS message.
According to Winrumors, which claims to have verified the vulnerability on a number of smartphones running Windows Phone 7.5, all an attacker has to do is send a text, Facebook or Windows Live message to a phone. The offending message will result in the device rebooting and the messaging hub 'live tile' not responding to screen taps.
Winrumors has found users do have a short period of time where they can remove the pinned live tile before it locks the user out of the messaging hub.
Initial reports suggest that Microsoft's Windows Phone operating system is at fault rather than specific devices or handset makers' implementations of Windows Phone 7.5. Winrumors said its testing points to a bug in the way Windows Phone handles messages.
Apple's IOS and Google's Android have had SMS-related security vulnerabilities, and perhaps the marketeers at Microsoft will see it as a sign of Windows Phone's popularity that it too is starting to become a target of security researchers. µ
Sign up for INQbot – a weekly roundup of the best from the INQ