
Hackers can reset your phone via SMS, Facebook, or Windows Live Messenger communications

Some of you may have fond memories of "nuking" local Windows 95 machines using urgent pointer (URG) based TCP "winnuke" tools (e.g. "NukeIt") or Windows 98 machines via large fragmented IGMP packets with malformed headers. Now Microsoft's Windows Phone has become the latest in a long line of Microsoft Corp. (MSFT) operating systems to be "hosed" by malicious traffic.

The flaw in Windows Phone, which affects the latest build of Windows Phone 7.5 Mango, as well as previous versions, was first discovered by Windows Phone hacker Khaled Salameh.  Rather than following in the tradition of hackers of yore, he worked with the site WinRumors to report the bug and securely disclose it to Microsoft.

The flaw appears to affect all Windows Phones, regardless of the manufacturer or model.

The attack works by sending a message to the Windows Phone message hub application.  As this app accepts a variety of messages, the attacking message can be in the form of an SMS text message, a Facebook message, or a Windows Live Messenger message.

When the message is received, errors in the hub's message handling cause the device to lock up, killing whatever work you had in progress.  You can recover via a reboot.

However, your message hub app will stay dead.  It is unclear if there is a fix for restoring messaging functionality, but barring a reformat of your device, the affected phone may be unable to message.  Worse yet, if you have a live tile from the contact that sent the message, once it updates post-reboot it will trigger another system lock-up.  There is a workaround for this -- quickly navigate to the homescreen and remove/unpin the tile before it "flips" (updates).

Here's a video, courtesy of WinRumors, of the attack in action:

For now, as mentioned, this severe vulnerability's implementation details are under wraps, pending a fix, so Windows Phone users should only be mildly concerned.

Again, this vulnerability appears to be solely capable of denial of service, and does not affect your system security.  In that regard it appears to be very similar to the aforementioned "winnuke" attacks, or the more recent "SMS-o-Death" messaging attack demoed against Android and iOS by researchers Collin Mulliner, a PhD student in the Security in Telecommunications department at the Technische Universitaet Berlin, and Nico Golde, an undergraduate student at the same institution.

These attacks differ from security-breach attacks, like the SMS attack that affected older unpatched versions of iOS, first discovered by Charlie Miller.  The key difference is that those kinds of attacks utilize flaws in messaging apps which allow the execution of arbitrary code as a path to root control, whereas attacks like the one in this article exploit flaws in message handling which do not execute arbitrary code, but do trigger some sort of catastrophic system failure.

Source: WinRumors


By MrBlastman on 12/13/2011 1:25:10 PM , Rating: 4
The days of sniffing packets off of ICQ or p2p games and so on, only to use it to Winnuke, ping flood, teardrop, jolt or more unsuspecting friends on Quake servers... ahh, such fun times... so long ago. :)

RE: Ahhh...
By Zuul on 12/13/2011 1:45:22 PM , Rating: 5
This reminds me of the old "Port 139" out of bounds (OOB) attack on Win95 that would cause a bluescreen of death.


In that regard it appears to be very similar to the aforementioned "winnuke" attacks, or the more recent "SMS-o-Death" messaging attack demoed against Android and iOS

I think MS haters will quickly gloss over this quote in the article so I have quoted it here for posterity.

RE: Ahhh...
By MrBlastman on 12/13/2011 2:25:59 PM , Rating: 2
Heh, these messaging attacks are oldschool. I remember dumping binary files to other users' terminals on multi-user Solaris/Unix systems. That was a lot of fun, actually--you could hear your results across the lab--beep beep bepp beeep beeeeeeeeeeep beep. Hahaha.

It's kinda funny, actually. The kids these days are trying stuff that us old farts have done for years, conceptually speaking at least.

RE: Ahhh...
By Omega215D on 12/13/2011 3:02:11 PM , Rating: 2
Wow, you guys really know how to make a 26 yr old feel really old....

(especially when you mentioned Geocities in another post)

RE: Ahhh...
By ebakke on 12/13/2011 3:39:05 PM , Rating: 2
Geocities. HA! Oh the good old days...

RE: Ahhh...
By borismkv on 12/13/2011 4:24:39 PM , Rating: 3
Pfff...You ain't old if you've never used a BBS.

RE: Ahhh...
By Omega215D on 12/13/2011 4:39:27 PM , Rating: 2
Oh that's just great.... (thinks back to the days of dad showing me various things on the Commodore 128D attempting to teach me).

RE: Ahhh...
By drycrust3 on 12/14/2011 7:33:30 AM , Rating: 2
I remember one teacher saying "They have allocated me 30 megabytes of space on the computer. What am I going to do with 30MB? I will never use that in my whole life!"

RE: Ahhh...
By MrBlastman on 12/13/2011 4:41:01 PM , Rating: 2
I still have my old 2400 BPS modem somewhere. It was called coincidentally a "rabbit." Hah. It was anything but fast.

RE: Ahhh...
By Mitch101 on 12/13/2011 6:12:57 PM , Rating: 2
The days when your status was based on Upload/Download ratios.


RE: Ahhh...
By Adam M on 12/13/2011 6:43:25 PM , Rating: 2
While I may not be BBS old, I do remember the days of WinNuke. I spent a lot of time in AOL chat rooms and IMs way back when. I might have been considered a Troll. I used to love many of those AOL tools. Email bombs, IM spamming, chat floods. My favorite wasn’t even program related. I used to tell people how cool it was to press Alt-f4 while in the chat room just to watch them drop off like flies. I think this is why I still cringe a little when I think of getting a Windows phone. All devices have vulnerabilities but none seem more widely known than those found in anything Microsoft.

RE: Ahhh...
By Alexvrb on 12/14/2011 7:50:23 PM , Rating: 2
Yes, iOS has never had any vulnerabilities, and Apple always acknowledges flaws and patches them right away. Plus, Android has absolutely no malware, and even if it did, it will soon vanish because Google is releasing Ice Cream Strawberry Rhubarb Piewich, and it's immune to hacking just like Diablo II. Ask Blizzard how those claims worked out.

They all have plenty of holes, and when they're found they're quite widely known. You know why? Because just like Windows on PCs, iOS and Android are very popular on smartphones and tablets. If anything WP7.5 has a lower profile and will have less widely abused vulnerabilities.

RE: Ahhh...
By GuinnessKMF on 12/15/2011 11:01:21 AM , Rating: 2
Alt-F4 is why you cringe when you think of a windows phone? You make me cringe for exactly the same reason your favorite "hack" worked, not understanding something but doing it anyway.

A social engineering "hack" like telling someone to alt-F4 is a vulnerability that exists on all devices, never underestimate stupidity of users.

RE: Ahhh...
By ProZach on 12/13/2011 6:46:12 PM , Rating: 2
Where's my cane? I need it to smack some kids playing on my lawn as I'm going to my mailbox for my SS check. Might even get to yell at the paperboy for being 3 minutes late, I can't stand tardiness with my evening news and wonderful advert inserts. ATH :)

RE: Ahhh...
By JediJeb on 12/14/2011 7:15:27 PM , Rating: 2
Guy at work got me once on our old HP/UX RTEa system. He found a way to log people off the mainframe and then put it into a looping macro. I was sitting there logging on over and over wondering why it kept booting me off. I remember asking the lab manager if there was a way to get more control over the system than being a SuperUser so I could get him back lol.