Sunday, May 6, 2012

Windows Phone 7 Hackable With A Simple SMS

According to tests conducted by the site WinRumors, smartphones running Windows Phone 7 are likely to be victims of a total blockade of their messaging systems from a single attack via SMS, instant message or simply update profile Facebook.

Khaled Salameh, a reader of the site WinRumors, gave the warning: “One of my correspondents Facebook posted the text in a strange font. His contact was pinned to the home screen of my smartphone running Windows Phone 7. Once the post appeared, the laptop crashed! Three other friends with Windows Phone 7 met with the same concern. ”

With it, WinRumors team repeated the experiment on a Titan HTC and Samsung Focus Flash and the same problems occurred. The phenomenon appears to be identical regardless of the version of Windows Phone 7 (7740 Build 7720 RTM or Mago).

Demonstration of blocking Windows Phone 7 by receiving a message. © Youtube / WinRumors

What happens exactly? In fact, the received message triggers the equivalent of a denial of service (DoS). Recall that this type of attack aims to prevent users from accessing a service, be it a computer or a smartphone. That’s what happens in our example since, according to tests WinRumors, all the messaging hub locks.

Specifically, when the user wants to access it, the phone freezes in seconds. This vulnerability stems from the fact that, as on many smartphones, the messaging system of the operating system works in a unified way. In other words, the messages received via Windows Live Messenger, Facebook or even by SMS are interpreted the same way and received the same application. If a message is malicious, so it’s all the hub that is blocked. While the user does not access messages the phone works.

Windows Phone 7 potentially hackable
However, this problem becomes a real concern if the user has added a touch of the screen. Just as to update his Facebook profile with a malicious message to cause an immediate crash of the phone, because everything is related to messaging. According to tests conducted by WinRumors, the problem remains the same even after a reboot of the phone, since the message is still in memory.

If malicious people put their hands on the code in question, the unfortunate experience of Khaled Salameh could be disastrous for many owners of smartphones with Windows Phone 7.

Fortunately, Khaled Salameh took care not to disclose WinRumors. “It took me five hours to understand the problem and find a solution,” said he. For its part WinRumors sent information directly to Microsoft so that it is working on a fix. According to our colleagues, there is currently no way to avoid this kind of attack. It is therefore urgent to wait for an update from Microsoft.

We have also attached two antivirus companies about this flaw. Both had the same refrain: “Focusing on Android.” “Windows Phone is not part of our projects because the applications are limited in function, we thus explained Ondrej Vlcek, Managing Director at Avast. I do not think an application can correct this problem. At the same time, on Android, it would be able to control this type of attack … ”

Attack difficult to control the state, antivirus vendors who prefer to focus on other operating systems … That does not bode well for owners of Windows Phone.

Source : http://www.dailyhightechnology.com

No comments:

Post a Comment