Microsoft confirms Windows Phone messaging flaw, promises to protect customers

By Tom Warren, on 14th Dec 11 2:04 am with 23 Comments

Microsoft confirmed the existence of a Windows Phone messaging flaw on Tuesday.

WinRumors exclusively revealed on Monday that Windows Phone 7.5 suffers from a flaw that could allow potential attackers to send a malicious SMS to devices. The SMS would reboot the device and render the messaging hub functionality of Windows Phone useless. We tested the flaw on a range of Windows Phone devices, including HTC’s TITAN and Samsung’s Focus Flash. Some devices were running the 7740 version of Windows Phone 7.5; others were on Mango RTM build 7720. The attack is not device-specific and appears to be an issue with the way the Windows Phone messaging hub handles messages. The bug is also triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient.

Microsoft revealed on Tuesday that the company is investigating the flaw. Greg Sullivan, senior product manager for the Windows Phone division at Microsoft, issued a statement to The Verge on Tuesday. “We are aware of the issue and our engineering teams are examining it now,” said Sullivan. “Once we have more details, we will take appropriate action to help ensure customers are protected.”

Details of the exact exploit have not been made public. Microsoft has the ability to issue over-the-air (OTA) updates to Windows Phone. The software giant has not used this to patch any issues yet, opting instead to release patches via the Zune application.

  • http://twitter.com/ehdv Ted Driggs

    Good to see them being proactive about it – better than some past experiences and Apple’s recent iPhone problems.

    • Anonymous

      What will be most interesting is how they handle updating the phones/patching the phones.  

      Will it be a Zune update?
      How quick will it be released to each phone?
      Will they show off a new updating scheme?
      Will they bypass carrier testing?

    • Thomas Bundgaard

      They better do it OTA. I doubt everyone uses Zune and this bug, while not dangerous per se, is crippling.

      I don’t think carriers will have to test, since it’s probably just a small bug in the way the OS handles SMS messages.

    • http://thounsell.co.uk/ Thomas Hounsell

      I guess it all depends whether they decide to just push a fix for this, in which case, a fairly quick OTA carrier-bypassing fix seems most likely, or whether they decide to use this as an excuse to bring forward some other updates they have pending and bundle them all together, in which case, it’ll probably take slightly longer.

  • http://www.jeffkibuule.com Jeff Kibuule

    It’ll be important to see how quickly they can go from major bug discovery to rolling out a fix.

    • http://twitter.com/ParkerReno Parker Ciambrone

      And how long it will take AT&T to approve the release…

    • Windows Fan

      I want Microsoft to just use the OTA update method just to prove that it works.

    • http://www.twitter.com/wixostrix WixosTrix

      Maybe it doesn’t.

    • http://twitter.com/OldCongress Gamer

      LOL you made my day

  • Guest

    I’m sure Rafael will be apologizing any second ;-)

  • Ignacio Fuentes

    I doubt that method would work for me. I bought a T-Mobile HTC Radar, unlocked it and I’m happily using it in Venezuela with Telefonica Movistar… the one update that I think they have released for the Radar, I got it through Zune by checking manually… can anyone give more info on future updates for unlocked phones?

    • Neo

      It would work, but MS hasn’t used that function yet. Read the last lines in the article, it usually helps a lot.

    • Ignacio Fuentes

      ?
      I read it.
      How do you know for sure that “it would work”?

    • Neo

      Most of what Microsoft make works. It’s not their fault that some users are dumber than stone.

  • Ydomngz

    This failure is as normal in Android phones! :)

    • Russ

      It really isn’t.

    • Anonymous

      lol people really forget very fast – first versions of Android? A bug when you sent an SMS – never sure who was the receiver

  • GP007

    It’d be good to see a small OTA update for the first time to fix this problem. Maybe they can use this as an excuse to update some other parts of the OS besides just the messaging hub/service?

  • Impartial

    Tom tell us more about your move to the Verge, are you going to have your own section? Are we going to be able to subscribe to a Tom Warren specific feed?

    Tell us more, please keep us in the loop, all the followers of this site need more details.

  • Russ

    Think everyone with a WP handset will use Zune/WP Connect, since that’s the only way to get stuff on and off the device, but yes, an OTA solution would be best.

  • Russ

    I was always sure where mine were going, was never an issue for me and at least that didn’t require a factory reset.

    Still, fingers crossed for a quick fix.

  • Brecht

    One week passed, nothing happens?

  • Asd

    Now Microsoft broke its promises again, they will not protect their customers! Not everyone will receive the update 8107 which fixed this issue.

    You have the power to change, release the string which is able to kill WP7! Don’t wait anymore, MS will not move forward to protect the users until something bad happens!