Proof-of-concept code found for MMS vulnerability

Now get malware on your mobile


3 January 2007 14:47 GMT / By Amber Maitland

It is now been proven possible to spread malware via MMS messages from device to device rather than via a PC.

Colin Mulliner, after waiting for six months for a reply from Microsoft about his findings, published proof-of-concept exploits of MMS vulnerabilities on 29 December at the 23rd Chaos Communication Congress in Berlin.

According to security firm F-Secure, the exploits target bugs in the SMIL presentation control language, whatever that means. The bottom line is that it is possible for a rigged MMS message to execute code on a mobile device.

Collin's research found that the HP IPAQ 6315 and the i-mat PDA2K have the vulnerability, but F-Secure says it's “quite likely” that all Pocket PC 2003 and Windows Smartphone 2003 are vulnerable as well.

It's not easy for a hacker to exploit the flaw, as he or she has to guess the correct memory slow where the MMS processing code is executing to send the exploit code successfully, so the security researcher say that a malicious MMS will likely only be able to crash the device.
Related
Full tags
Phones, Apps, MMS

share print story pdf email story

Recommended articles

Recommended articles from around the web
Loading

Apps by platform

All the latest apps news and reviews

Best iPad 2 apps

We detail the best iPad 2 and iPad apps in the app store Which iPad app should you download?

Best new iPad apps

We detail the best iPad apps in the app store for your new Retina Display Which iPad app should you download?

Windows 8

First Look: Windows 8 Consumer Preview reviewed

The new iPad

The new iPad: Everything you need to know

Pocket-lint poll

Q. Does the Samsung Galaxy S III deliver what you hoped for?

Vote YES Vote NO

» LAST TIME
When asked Would you switch from iOS to Android? 54% said yes and 46% said no