Windows Phone Becomes Latest Microsoft OS to Suffer From "Nuking"

Windows Phone 7 logoHackers can reset your phone via SMS, Facebook, or Windows Live Messenger communications.

Some of you may have fond memories of "nuking" local Windows 95 machines using urgent pointer (URG) based TCP "winnuke" tools (e.g. "NukeIt") or Windows 98 machines via large fragmented IGMP packets with malformed headers. Now Microsoft's Windows Phone has become the latest in a long line of Microsoft Corp. (MSFT) operating systems to be "hosed" by malicious traffic.

The flaw in Windows Phone, which affects the latest build of Windows Phone 7.5 Mango, as well as previous versions, was first discovered by Windows Phone hacker Khaled Salameh. Rather than following in the tradition of hackers of yore, he worked with the site WinRumors to report the bug and securely disclose it to Microsoft.

The flaw appears to affect all Windows Phones, regardless of the manufacturer or model.

The attack works by sending a message to the Windows Phone message hub application. As this app accepts a variety of messages, the attacking message can be in the form of a SMS text message, a Facebook message, or a Windows Live Messenger hub.

When the message is received, errors in the handling in the hub cause the message to lock the device, killing whatever work you had in process. You can recover via a reboot.

However, your message hub app will stay dead. It is unclear if there is a fix for restoring messaging functionality, but barring a reformat of your device, the affected phone may be unable to message. Worse yet, if you have a live tile from the contact that sent the message, once it updates post-reboot it will trigger another system lock-up. There is a workaround for this -- quickly navigate to the homescreen and remove/unpin the tile before it "flips" (updates).

For now, as mentioned, this severe vulnerability's implementation details are under wraps, pending a fix, so Windows Phone users should only be mildly concerned.

Again, this vulnerability appears to be solely capable of denial of service, and does not affect your system security. In that regard it appears to be very similar to the aforementioned "winnuke" attacks, or the more recent "SMS-o-Death" messaging attack demoed against Android and iOS by researchers Collin Mulliner, a PhD student in the Security in Telecommunications department at the Technische Universitaet Berlin, and Nico Golde, an undergraduate student at the same institution.

These attacks differ from security-breach attacks, like the SMS attack that affected older unpatched version of iOS, first discovered by Charlie Miller. The key difference is that those kinds of attacks utilize flaws in messaging apps which allow the execution of arbitrary code as a path to root control; where as attacks like the one in this article exploit flaws in message handling which do not execute arbitrary code, but do trigger some sort of catastrophic system failure.

Source: DailyTech

Tags: Microsoft, mobile phones, OSes, Windows Phone 7

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

A mobile hotspot in Australia will be capable of hitting gigabit speeds on the go
Nokia CEO Rajeev Suri will speak at MWC 2017
Preliminary data for October shows another Windows 10 boom
The Helio P15 packs an octa-core Cortex-A53 processor clocked at 2.2GHz
Microsoft’s event has been scheduled for October 26th so hopefully we’ll hear more about Redstone 2 then
Samsung claims up to 27-percent higher performance or 40-percent lower power
A smartwatch prototype developed by researchers at the Dartmouth college
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments