Jordanian mobile researcher Khaled Salameh has discovered a bug in Windows Phone 7.5 capable of creating a Denial-of-Service scenario that crosses over to the desktop. The good news is that only Salameh, Tom Warren at WinRumors.com, and Microsoft know how to pull off any potential attack. Thus, there will be no application-crashing pranks while everyone waits for an update to fix the issue.
WinRumors.com broke the story after Salameh gave them a tip on his research, which can also impact desktop applications. The bug itself works by sending a string of text to a Windows Phone, triggering a device reboot. After the reboot, the device’s messaging hub is rendered useless, even after countless restart attempts.
At this point, as Warren wrote, “there doesn’t appear to be a workaround to fix the messaging hub apart from hard resetting and wiping the device.”
“We have tested the attack on a range of Windows Phone devices, including HTC’s TITAN and Samsung’s Focus Flash. Some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720. The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages,” the WinRumors.com story explained.
Initial reports called Salameh’s findings an SMS bug, but it’s actually a Windows Phone bug, as it can crash other applications. Moreover, desktop applications are vulnerable as well. The WinRumors.com report confirmed this, noting that the crash can be triggered via Facebook and Windows Live Messenger instant messages, in addition to SMS messages. The Facebook tie-in comes from a condition where a user has assigned a friend as a live tile on their device. Otherwise, the Facebook application itself isn't an issue.
When asked what else is impacted, Salameh told The Tech Herald that Visual Studio, Blend 4, Windows Live Mail, Windows Live Messenger, all Silverlight-based applications, and all Windows Presentation Foundation (WPF) applications are vulnerable.
“However, attacks are only possible on Win Live Messenger, WinPhone7, and Win Live Mail Desktop App (by sending emails to victims),” he added via Twitter.
Speaking to the severity of the issue, Salameh commented that he felt triggering a crash on Windows 7 via Windows Live Messenger, “is as valuable as causing Windows Phone 7 messaging hub to crash.”
Warren and Salameh are working with Microsoft to address the issue. In a statement, Microsoft’s Greg Sullivan said that they are aware of the bug, and engineers are investigating.
Jerry Bryant, group manager for response communications at Microsoft, added that the software firm is '...examining this issue closely to determine what actions need to be taken to help ensure customers are protected.'
The Tech Herald has asked for additional comments and information, and we’ll update as soon as we hear back from Redmond.
(13:15 EST) HTC 7 Pro with build 7004 is also vulnerable according to Salameh.
(13:40 EST) Updated to add more information about the Facebook application tie-in.
(13:40 EST) On a side note, those interested in learning the actual text string used to trigger the crashes seem to be attacking Salameh's Windows Live account.
'My windows live account is locked for the second time today! Whoever is trying to hack my email thinks the code is in the inbox, funny!'
'I will continue testing, but it's obvious that the problem exists in the OS itself and is not (Device/Carrier) related...And since Mango also faces the issue, I doubt that any version in between won't be vulnerable,' commented Salameh.
Build 7392 on HTC 7 Pro crashes as well.
Samsung Focus (AT&T) running NoDo also crashes.