Despite being the underdog in the smartphone race, there are certain features regarding which users of Windows Phone 7 can boast about when confronted by arrogant Android and iOS us. One such area where WP7 has a clear lead over its competitors, is OS security. While Android is infested with malware, and iOS can be exploited via SSH and other methods, WP7 is completely air-tight, or at least that’s what everyone thought until yesterday. The folks over at WinRumors have discovered a rather dangerous bug in Microsoft’s mobile platform, which reboots the phone and then renders the Messaging hub useless. Details after the break.
The SMS attack works when a certain (undisclosed) text string is sent to a WP7 device via any source. The text string could be from an SMS, via a messenger or through Facebook. As long as it arrives in your phone’s Messaging hub, the attack will work, and there is nothing you can do about it. Even if you don’t open the text message, your phone will reboot automatically. Things won’t have been too bad if the problem ended here, but, in fact, even after you restart your device, the Messaging hub won’t work. It will crash every time you try to launch it. For the bug’s demo, see the video posted below.
As of now, there is no intuitive solution to the issue. However, if you are really into texting, you don’t have to dump your phone just yet. If you perform a factory reset on your device, things will return to normal, but be wary that you will lose all the data on your device. To perform a factory reset, go to the Settings menu, and in the About section, you can reset your phone.
It could spell chaos for WP7 users if the dangerous string becomes known or is leaked by anyone, as after that, anyone could make your Messaging hub crash with a simple text. Microsoft has been notified of the issue and hopefully the bug will be fixed soon enough. For now, WP7 users can just hope that they don’t receive the string of doom, and trouble doesn’t seem to be on the horizon as the chances of the bug leaking seem to be pretty thin.
Update: Microsoft was quick to fix this simple DOS exploit in their mobile OS, and a minor update rolled out universally proved to be enough to solve the issue.