Microsoft dissecting Windows Phone messaging bug
- 15 December, 2011 03:27
Currently, the only "fix" is a hard reset and wipe of the phone, according to WinRumors.com, which reported the attack on Tuesday, after it was contacted by a Windows Phone user who discovered the problem. A short video by WinRumors' Tom Warren shows the results of the attack but no details of how it actually succeeds.
The Website says it is talking privately with Microsoft about what it found.
ALL WINDOWS ALL THE TIME: Visit Network World's Microsoft Subnet
WINDOWS PHONE SHUFFLE: Microsoft re-orgs Windows Phone group
Though now widely labeled an SMS attack, the WinRumors story discloses the problem can be triggered also by messages created with Facebook chat or Windows Live Messenger. "The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages," writes Warren.
It's not clear from Warren's account whether there's a bug in the OS that's randomly triggered by any of these messages, or whether the message has to be somehow deliberately designed to leverage the flaw.
"The flaw appears to affect other aspects of the Windows Phone operating system too. If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up," Warren reported. There is a short time during initial boot up when a user can "get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device."
Microsoft issued a generic statement about the reported attack via a spokesman's email to PhoneScoop.com: "We are aware of the issue and our engineering teams are examining it now. Once we have more details, we will take appropriate action to help ensure customers are protected."
John Cox covers wireless networking and mobile computing for Network World.
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.