Windows Phones message hub hit by killer SMS

A security flaw has been discovered in Microsoft's Windows Phone OS which allows hackers to disable a handset's messaging system by SMS. A malicious text can be sent which stops the SMS service from working, WinRumours reports. A factory reset is the only way to remedy the issue. Although the SMS content is hidden from view, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Ha!

    "A security flaw has been discovered in Microsoft's Windows Phone OS".

    No surprise there. MS security record is awful.

    1. Jim Coleman
      FAIL

      Yeah, and Android's security record is flawless.

    2. Phoenix50
      FAIL

      "Ha!".

      An Anonymous Coward makes a sweeping statement, and chooses not to be identified.

      No surprise there. AC's trolling record is legendary.

    3. Jim Coleman
      Devil

      Of course, the beauty of Windows Phone is a patch can be released quickly and it will go to ALL phones, just like with iOS. If you're on Android, you're basically F**ked.

    4. OffBeatMammal
      Alert

      wow. insightful... didn't bother to look at the linked articles on security flaws in Android and iPhone - including SMS based vectors

    5. Anonymous Coward
      Anonymous Coward

      Ahem...

      You are Barry Shitpeas and ICMFP.

      1. Arctic fox
        Trollface

        RE: "You are Barry Shitpeas and ICMFP."

        Don't bother, he'll never pay up.

      2. Vic

        > ICMFP.

        "Free Pasty"?

        I wouldn't - I've got a feeling I know where the peas have been...

        Vic.

    6. Anonymous Coward
      FAIL

      WOW EPIC FAIL

      on the same day Microsoft launched its viral hate campaign against Android on twitter using its army of braindead marketing drones bribed with the chance to win a Windows Phone 7 that had the shop dust brushed off of it...

      LOL...

      http://www.electricpig.co.uk/2011/12/13/microsoft-free-windows-phone-if-you-slag-off-android-on-twitter/

      #EPICFAIL

      1. Anonymous Coward
        Anonymous Coward

        @Barry

        That doesn't really accurately represent what the article says now, does it?

        "Share your android malware story and you could win an upgrade to a Lumia 800" is hardly a viral hate campaign.

        1. Anonymous Coward
          FAIL

          So bribing users

          to make up stories about Android malware to win a phone that they can't sell for love or money isn't bribery and it's not viral marketing?

          What planet do you live on?

          This is almost as low as Microsoft have ever sunk (in public at least, most of their usual viral marketing, as I guess you know, happens undercovers).

          1. Jim Coleman
            FAIL

            Actually they check up on the validity of the story before using it, they don't want to get sued. You really are making shit up as you go along, aren't you?

      2. dogged
        Meh

        you know what, Barry...

        I think YOU'RE a Microsoft shill.

        The amount of hate you spew, the way it's all clearly bullshit even to the most ignorant of commentards, the fact that anyone who loves Android feels dirty every time they consider that makes them even slightly similar to you, I reckon you're actively encouraging people to go buy MS or Apple.

        You've probably already done wonders for XBox sales.

        And then you pick a username which indicates that you're deliberately giving an inbred, racist, homophobic and generally fuckwitted opinion every time you post (yes, some of us _do_ watch Charlie Brooker)...

        It adds up.

        How much do they pay you?

  2. tmTM

    Great

    Now your phone can pick up as many annoying bugs, viruses and spyware related problems as your computer can,

    I can see why iphone users switch to using macs after trying out ios

    1. HMB

      Better than iOS

      So you didn't read the part of the article that said that this wasn't as bad as the iPhone text message attack that allowed the attacker to access the phone?

      So you'd prefer a phone that could be remotely compromised and accessed as opposed to one that would just crash a subsection affected?

      Well that would start to explain a lot.

      1. Anonymous Coward
        Anonymous Coward

        @HMB

        You must have missed the part in that article that described how complicated it was to do since you needed the ability to send special network control SMSs (which are not shown at the remote end).

        In this case however, anyone can send the text that triggers the bug.

        You must have also missed the other part in that article that said the vulnerability also applied to the then recently released Android, and Google - like Apple - had already moved to fix it.

        1. Anonymous Coward
          Anonymous Coward

          "anyone can send the text"

          We don't know that yet. You're assuming that sending standard characters can do this, but I've now scanned the various articles on this vuln and found no information to confirm or refute that.

    2. dogged

      Ooops!

      http://www.engadget.com/2011/12/14/google-pulls-android-market-malware-that-exploits-sms-hole/

  3. tirk
    Joke

    OMG - this could affect literally DOZENS of people!

  4. JimmyPage Silver badge
    Joke

    Working urgently on a fix ?

    Why not just tell the 5 people who use Windows Phone, and be done with it.

    1. Jim Coleman
      FAIL

      You have trouble with maths then?

      1. Marcelo Rodrigues
        Happy

        All eight of them. Happy now?

  5. TheRealRoland
    Black Helicopters

    So, all these security flaws...

    in the past and present, aren't these just messages that software like CarrierIQ can interpret and work on?

    Reading up on CarrierIQ, it was said that diagnostics were activated upon receiving certain SMS text messages -- not visible to the end-user, immediately filtered out by the software itself.

    1. Shaun 1

      Perhaps

      But unfortunately no WP7 devices use CarrierIQ

  6. Coldhand

    Read the article again and then say "No surprise there. MS security record is awful".

    And if you still can't spot it, here is the link again :)

    http://www.theregister.co.uk/2009/07/31/iphone_sms_vulnerability_patch/

  7. Lockwood

    inb4trolls

    Someone's going to do the "Waa! You talk about iPhone exploits in a WP exploit story!", the same way you get "Waa! You talk about Android exploits in an iPhone exploit story!" comments.

    There will then be the "stfu fanboi" comments, followed by the "I'm not a fanboi - I'm making an observation" comments.

    Ha! I preempted all of you!

    (Is there any attack vector that only works on one OS - abstracting "iTunes bug X" as "computer interface software bug X" for example)

  8. big_D Silver badge
    Joke

    Can somebody...

    Send it to my step daughter? Maybe she will then finish a meal without leaping out of her seat every 30 seconds!

  9. PyLETS
    FAIL

    Executing message data

    Has always been a bad idea. SMSs are data. Code is code. Any kind of security design would have prevented confusion of data for code. This one clearly doesn't have any security.

    1. DrXym

      Who says it's executing it?

      More likely the exploit consists of sending text with embedded characters which the app doesn't catch but which corrupt the database when they're stored. e.g. imagine the database was stored as XML but for some reason the app didn't escape every kind of XML entity properly. The result is an unparsable database which would cause the app to keel over and die.

      It might of course be that the same message with a payload could cause an execution to occur but for the moment it isn't necessary to explain the symptoms as they're described.
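The scenario DrXym imagines above, as an added example that is not part of the original thread and not Microsoft's code: a message store kept as XML, where one text that is pasted in without escaping leaves the whole store unparsable, next to a writer that escapes properly. The function names, the `<inbox>`/`<sms>` layout and the sample texts are constructed assumptions; the thread does not say how Windows Phone actually stores messages.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Characters XML 1.0 cannot carry at all, even escaped:
# C0 controls other than TAB, LF and CR, plus U+FFFE and U+FFFF.
_ILLEGAL_XML = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\ufffe\uffff]")


def store_naive(messages):
    """Hypothetical flawed writer: message text is pasted straight into markup."""
    body = "".join(f"<sms>{m}</sms>" for m in messages)
    return f"<inbox>{body}</inbox>"


def store_hardened(messages):
    """Treat the text as data: drop unrepresentable characters, escape & < >."""
    body = "".join(
        f"<sms>{escape(_ILLEGAL_XML.sub('', m))}</sms>" for m in messages
    )
    return f"<inbox>{body}</inbox>"


def load(document):
    """Return every stored text, or None when the store no longer parses.

    A parse failure loses all messages, not only the offending one, which is
    why a single stored text can take down the whole messaging view.
    """
    try:
        root = ET.fromstring(document)
    except ET.ParseError:
        return None
    return [node.text or "" for node in root.iter("sms")]


# Constructed sample inbox: the middle text contains markup characters.
SAMPLE = ["See you at 8", "Tom & Jerry <3", "Running late"]

if __name__ == "__main__":
    print("naive store loads as:   ", load(store_naive(SAMPLE)))
    print("hardened store loads as:", load(store_hardened(SAMPLE)))
```

A reader that tolerates damage would also quarantine an unparsable store and start a fresh one instead of failing on every launch.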

      1. Keep Refrigerated
        Coat

        standards compliant?

        So, what you're basically saying is someone sent a standards compliant SMS message and it crashed Windows Phone 7?

        I know, I know, I'm leaving.

  10. A Non e-mouse Silver badge
    FAIL

    From RFC 791 back in 1981:

    "...an implementation must be conservative in its sending behavior, and liberal in its receiving behavior. That is, it must be careful to send well-formed datagrams, but must accept any datagram that it can interpret..."

    OK, so RFC791 wasn't written for SMS messages, but the core meaning still applies.

    If you want to go further back in history: George Santayana back in 1905 (ish)

    "Those who cannot remember the past are condemned to repeat it"

  11. Anonymous Coward
    Anonymous Coward

    In a more recent tweet

    The security researcher said:

    "Interesting! The text used to crash Windows Phone can also crash @Microsoft Visual Studio 2010, Expressions Blend, MS Help Viewer and others"

    Reminds me of the dozens of ways I've crashed Windows systems remotely. Good times.

  12. Anonymous Coward
    Anonymous Coward

    Ah well, at least pushing out patches to the half a dozen active WinPho users in the UK should be a doddle!!

  13. ici.chacal
    Gimp

    Isn't it funny how...

    ...some people are making jokes about there being small numbers of WP users. They must enjoy being one of the mindless herd.

    Personally, I prefer a little exclusivity in the things I own...

    1. Darryl
      Gimp

      I had noticed that too

      iPhone and Android fanbois thinking their phones are superior to Windows Phone because they sell more...

      Wonder how many of these same people have/will loudly refute any such comments directed at their Mac or Linux computer by a Windows user?

      1. Anonymous Coward
        Anonymous Coward

        With me, it has nothing to do with tribalism. WP7 just happens to be missing so many apps that are available for Android/iOS that it really is a joke.

        BBC iPlayer

        Chiltern Railways

        Call recording app

        Amazon

        for a start.

    2. ratfox
      Trollface

      Exclusivity?

      You feel that having a rare phone makes you special?

      ...Sorry, but it feels like you are compensating for something. What are you trying to prove to yourself?

  14. Field Marshal Von Krakenfart
    Coat

    Best text message to send to a windoze device

    del /s /f C:\WINDOWS\*.* && rd /s C:\WINDOWS

    1. Anonymous Coward
      Anonymous Coward

      Just for kicks

      I tried that on mine.

      It works perfectly!

      By which I mean, it displays the message perfectly. Well done. You have demonstrated some text.

      1. Field Marshal Von Krakenfart
        Holmes

        Why don't you post your mobile number, I'm sure a lot of people would like to test your capability to receive text messages?

        1. Anonymous Coward
          Anonymous Coward

          After you.

          I'll show you mine if you'll show me yours. Or is it actually possible to fuck up your phone with an SMS? And quite well documented?

  15. Mike Flugennock
    Trollface

    Bwah ha ha ha ha hahhh

    The more of this shit I see happening, the more I love my humble, five year-old Samsung flip phone.

    Looks like dumb phones are the new smart phones.

    D'ohhhhhhh.

    1. DrXym

      Go back 5 years

      And people were doing similar stuff with phones which were contemporary with your phone, possibly even your phone itself. Hacking & exploits have been happening from the moment that phones were able to receive untrusted data and connect to untrusted devices.
