Microsoft Dissecting Windows Phone Messaging Bug

Microsoft Windows Phone engineers are reviewing a report that various messaging technologies can be used to send the phone into a reboot and then freeze its messaging center, or hub.

Currently, the only "fix" is a hard reset and wipe of the phone, according to, which reported the attack on Tuesday, after it was contacted by a Windows Phone user who discovered the problem. A short video by WinRumors' Tom Warren shows the results of the attack but no details of how it actually succeeds.

The Website says it is talking privately with Microsoft about what it found.

ALL WINDOWS ALL THE TIME: Visit Network World's Microsoft Subnet

WINDOWS PHONE SHUFFLE: Microsoft re-orgs Windows Phone group

Though now widely labeled an SMS attack, the WinRumors story discloses the problem can be triggered also by messages created with Facebook chat or Windows Live Messenger. "The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages," writes Warren.

It's not clear from Warren's account whether there's a bug in the OS that's randomly triggered by any of these messages, or whether the message has to be somehow deliberately designed to leverage the flaw.

"The flaw appears to affect other aspects of the Windows Phone operating system too. If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up," Warren reported. There is a short time during initial boot up when a user can "get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device."

Microsoft issued a generic statement about the reported attack via a spokesman's email to "We are aware of the issue and our engineering teams are examining it now. Once we have more details, we will take appropriate action to help ensure customers are protected."

John Cox covers wireless networking and mobile computing for Network World.


Blog RSS feed:

Read more about anti-malware in Network World's Anti-malware section.

Copyright © 2011 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)