Microsoft's mobile platform is coming under increased scrutiny after it was revealed that smartphones running Windows Phone 7.5 are at risk of denial-of-service (DoS) attacks that can disable their messaging functions.
Khaled Salemeh, who has been commenting about it on his Twitter account, discovered the flaw. He enlisted the help of WinRumors on Monday and both parties are in the process of disclosing the issue to Microsoft directly. According to WinRumors, the vulnerability works by sending a specially crafted SMS to a Windows Phone device, causing the handset to reboot with the messaging hub functionality disabled.
The site tested it on several different handset models including HTC's Titan and Samsung's Focus Flash. They also noted that the devices used both WP7.5 version 7740 and the Mango RTM build 7720.
"The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages," says the report. WinRumors also found that the bug could be triggered if a user sent a Facebook chat message or Windows Live Messenger message to someone in their contacts list.
The site found that this flaw affects other aspects of the Windows Phone operating system too. In particular, if a user has pinned a friend as a live tile on their device and that friend posts a particular message on Facebook, then the live tile will update and cause the device to lock up. One way to work around this is quickly removing the live tile as soon as the handset loads to the home screen.
WinRumors believes the issue relates to the way the mobile OS handles messages, and doesn't represent a security threat. There is no workaround to mitigate it though and for those experiencing a problem the only way of restoring messaging functions is to perform a hard reset of the handset.