Windows Phone 7 devices are susceptible to an SMS vulnerability that could lock users out of their messaging functions. The discovery comes from a tipster at the WinRumors blog, who demonstrated that a malicious SMS sent to Windows Phone 7.5 phones would force them to reboot and lock down the messaging hub.
The vulnerability does not appear to be specific to any particular Windows Phone device, and the bug is triggered not only by SMS messages, but also by a Facebook chat message or a Windows Live Messenger message. Once the phone is affected by the denial-of-service message, the device will reboot and the messaging hub will not open, locking users out of messaging functions. The procedure was documented in a short video embedded below, but it’s unclear what the attack message must contain.
The only workaround found so far to unlock the messaging hub after the attack is to hard reset the device, or wipe it. If the attack comes via a Facebook message in one of the live tiles, the solution is to remove the pinned live tile before it flips over (after a restart) and locks the device. Microsoft has yet to comment on the vulnerability that Khaled Salameh discovered.
Windows Phone 7 devices are not the first to suffer from SMS vulnerabilities. In 2009, an SMS vulnerability was found in iPhones that would allow an attacker to remotely install and run unsigned software, with root access to the phone. Apple later fixed the problem via a software update. Android users have had their fair share of SMS trojan apps, with the latest batch of apps pulled earlier this week.