A malicious message sent to Windows Phone’s message hub can disable the handset in a manner reminiscent of the “nuking” attack from the Windows 95 days. At the point the bad message is received, the phone reboots, and worst of all, it appears that the message hub application is permanently disabled. Back when people used to only use their phones to call and text, you’d perhaps think that having your phone reboot on you would be no big deal. But these days I find myself often as not composing some important missive.
The attack has been reported to Microsoft. It affects both versions 7740 and 7720 of Windows Phone 7.5. When I first read this, I was wondering whether hackers were just expanding their already-prodigious knowledge of malware aimed at Windows OSes, but it’s worth noting that, in the lab at least, similar attacks have already been dealt with on iOS and Android. What this really portends is that the black hats and vandals are shifting their gaze to mobile, along with the rest of the computing industry.
I have no doubt that it will be fixed and a patch will be disseminated forthwith. The big question is, with two decades of cat-and-mouse between OS vendors and hackers under their belts, will the mobile platforms be relatively hardened compared to the worst times, when it seemed that new PCs were instantly infected the moment they connected to the net for the first time, or are exploits like this just a speedbump, and mobile platforms will remain largely uncompromised in the real world?
I’m not worried about it. Because of the huge variety of platforms, malware on cell phones is difficult to spread. Exploits for one phone won’t work on most other phones (unlike the days when connecting pre-SP2 XP without a firewall directly to the internet resulted in an infection in 30 seconds. Practically everybody had XP).
These external attacks on cell phones are relatively rare, and their surface area for attack is much, much smaller than, say, a desktop computer.
Because of the diversity of platforms, cracking each OS becomes less valuable, as the exploits can reach a smaller number of people. I don’t expect we’ll see quite the homogenization of platforms in the phone world that we saw on the desktop. I think it’ll stay diverse, much like the console market.