Windows Phone 7.5 Vulnerable To SMS Hack?

Infected text message could bring down the Messaging Hub in latest version of Microsoft’s mobile OS.
7 Hottest Features In Windows Phone 7 Mango
Slideshow: 7 Hottest Features In Windows Phone 7 Mango
(click image for larger view and for slideshow)
Phones running Microsoft's newly released Windows Phone 7.5 mobile operating system can have their messaging services knocked offline by a third party through a malevolent text message, an independent security researcher claimed.

Upon receiving an infected message, the phone will shut itself down. When the user reboots, Windows Phone's Messaging Hub will not open, according to Kahled Salameh, who reported his findings to the blog WinRumors.

Staffers at the blog said they tested and confirmed the attack's effectiveness on several Windows Phone devices, including the HTC Titan and the Samsung Focus. The former was running the 7740 build of Windows Phone 7.5, also known as Mango, while the latter was running the 7720 RTM build of Mango.

[As BlackBerry falls out of favor, consider your options. Android Vs. iOS Vs. Windows Phone 7: Enterprise Shootout.]

On his Twitter feed, Salameh, who appears to be based in Amman, Jordan, said he would not make public the actual code that exploits the vulnerability. "Sorry, can't share it ... Disaster if this thing goes to the wild," Salameh wrote.

Salameh also said that the same text can also crash certain tools in Microsoft Visual Studio 2010. Microsoft officials did not immediately respond to a request for comment.

Microsoft released Mango, the first major update to Windows Phone, in August. Mango adds numerous improvements to Windows Phone, from new end-user features to transparent backend services.

A feature called Threads lets users glide among text, Windows Live Messenger, and Facebook chat within the same "conversation." Groups lets users receive and send messages from predefined social or business circles directly to and from the Smart Tiles homescreen.

Contact Cards have been enhanced to include feeds from Twitter and LinkedIn, as well as previously supported networks. Local Scout, which is integrated with Bing, yields hyper-local search results for dining, shopping, and entertainment.

Mango also adds a long-awaited multitasking capability, which lets users move freely between applications and pick up and resume where they left off. 4G wireless support is embedded. For security-conscious enterprise customers, Mango adds support for various rights management technologies. For example, it lets authorized users open emails tagged with restrictions such as "Do Not Forward" or "Do Not Copy."

Additionally, it beefs up integration with authoring and collaboration tools like Lync and Office 365.

But security problems could derail Microsoft's efforts to boost sales of Windows Phone in the wake of Mango's release. Microsoft currently holds a U.S. market share of just 5.6% in mobile operating systems, according to the latest data from ComScore.

In an effort to gain some momentum, Microsoft shook up its Windows Phone team Monday. Group president Andy Lees was replaced by Windows Phone engineering head Terry Myerson. In a memo to employees, Microsoft CEO Steve Ballmer said Lees would move to "a new role working for me on a time-critical opportunity focused on driving maximum impact in 2012 with Windows Phone and Windows 8," according to the Seattle Times.

IT's spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. It's time to break free. Download our Disaster Recovery Disaster supplement now. (Free registration required.)

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Terry White, Associate Chief Analyst, Omdia
John Abel, Technical Director, Google Cloud
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer