


SMS attack on Windows Phone forces reboot, disables messaging

Dec 13, 2011 | 4 mins
Android, Data and Information Security, Enterprise Applications

Attackers can send a maliciously crafted SMS to a Windows Phone, causing it to reboot and disable messaging functionality. Yet Microsoft is offering a free Windows Phone to Android malware victims if users are willing to share their 'droidrage.'


Attackers can send a maliciously crafted SMS to a Windows Phone, causing it to reboot and disable messaging functionality. “The flaw appears to affect other aspects of the Windows Phone operating system too,” reported WinRumors. “If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook then the live tile will update and causes the device to lock up.” WinRumors and Khaled Salameh, the researcher who discovered the vulnerability, are in the process of disclosing the flaw to Microsoft. “At this stage there doesn’t appear to be a workaround to fix the messaging hub apart from hard resetting and wiping the device.”

Interestingly enough, Ben Rudolph, from Microsoft’s Windows and Windows Phone team, is appealing to victims of Droid malware by offering a free Windows Phone. If you have an Android malware nightmare story and you are willing to share your droidrage with the world, Microsoft tweeted “you could win a #windowsphone upgrade.” WinRumors noted this latest PR antic follows one by Microsoft’s Brandon Watson, senior director of Windows Phone development, who placed a $1,000 bet with Scott Adams, the author of the Dilbert comic strip. “Watson offered Scott Adams the chance to try a Windows Phone 7 device. If Adams didn’t like Windows Phone then Watson promised to donate $1,000 to a charity of Adams’ choice. Adams was impressed by Windows Phone.”

With advances in near field communication (NFC) technologies, cybercriminals are probably drooling to exploit smartphones as we all start using our mobile phones as our wallets. In regard to NFC, Microsoft mistakenly told TechRadar in an exclusive “exciting things coming soon” interview that NFC support was coming to Windows Phone 7.5. WinRumors said Microsoft was forced to “correct” that statement with this one: “While NFC is not currently supported on Windows Phone 7.5, it is coming. We expect NFC-enabled Windows Phone devices to ship within the next year.” Microsoft does hold “14 NFC-related patents” which might make a ‘beaming’ file transfer feature available “for Windows 8, Windows Phone and Xbox.”

Will Microsoft’s beaming technology across a “single ecosystem” for phones, PCs and tablets be the future of banking? This concept video suggests this is what Microsoft envisions as the “future of retail banking.”

Despite mobile security reports and dire 2012 predictions that Android is the most tempting target for mobile malware writers due to its popularity with users, the NSA is expected to approve the Android OS “to be used on ‘secret’ military networks.” It’s unlikely the NSA would approve of Android if it were truly a “cyber menace.” Mobile malware might indeed be “exploding,” but cybercrooks will target any popular phone as was warned by F-Secure’s Mikko Hypponen at Black Hat 2010 in a presentation titled, You will be billed $90,000 for this call.

Your smartphone is a pocket spy with actionable intelligence, and its apps may be listening, watching and tracking you, the better to steal from you. But your cell phone isn’t the only one spying on you. Those Carrier IQ files are being used for “law enforcement purposes,” the FBI confirmed to MuckRock.


Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.