Microsoft confirms Windows Phone Mango SMS exploit, fix on the way

Microsoft has confirmed the existence of an SMS denial-of-service exploit for Windows Phone that can reboot devices and kill access to messaging functionality.

The company says it’s exploring the issue and working on a fix, reports The Verge.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":365248,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,","session":"A"}']

The exploit, first discovered by WinRumors yesterday, simply involves sending a text message to any Windows Phone 7.5 (Mango) device, which causes the phone to reboot and disable the messaging hub. It can also be triggered with a Facebook or Windows Live message. WinRumors tested the exploit across multiple devices and found that it’s likely rooted in the way the Windows Phone OS messaging hub functions.

Luckily, it doesn’t appear that the exploit is widely known at this time, so Windows Phone users shouldn’t have too much to worry about yet. Microsoft has the ability to push updates to Windows Phone devices over-the-air, which it will likely take advantage of to make sure users are fully protected.

Both iOS and Android have faced SMS exploits as well, though WinRumors notes that this particular issue seems more like a bug with Windows Phone rather than a sophisticated security breach.

Check out a demo of the exploit below: