MMS exploit targets Windows Mobile 2003

by Chris Ziegler, posted Jan 2nd 2007 at 3:27PM

What's scarier than a text message luring you into getting your PC all hosed up with virii? An MMS message that somehow manages to do the infection honors all by its lonesome, that's what. Details are now emerging on what appears to be the world's first proof of concept for an MMS virus, exploiting a weakness in the way Windows Mobile 2003 handles SMIL (Synchronized Mutlimedia Integration Language) to cause a buffer overflow -- which in turn leads to the dreaded "arbitrary code execution." The fella responsible for the exploit apparently gave Microsoft the heads-up a solid six months ago; when he never heard back, he went public with it in a big way at Berlin's Chaos Communication Congress. The good news (if you can call it that) is that it's only been tested on the i-mate PDA2K and HP iPaq h6315, both of which are approaching the tail ends of their useful shelf lives. No word on whether the vulnerability applies (or can be easily adapted to) Windows Mobile 2005, but somehow, "we hope not" simply doesn't properly express our sentiments.

[Via El Reg]

Filed under: Messaging, Software, Windows Mobile, Misc

Tags: 6315, exploit, i-mate, ipaq 6315, Ipaq6315, mms, pda2k, phone edition, PhoneEdition, pocket pc, PocketPc, virus, vulnerability, windows mobile, windows mobile 2003, WindowsMobile, WindowsMobile2003, wm2003

Relevant Posts

i-mate's rumored "Hummer" -- for when you absolutely, positively don't care what it looks like (35 days ago - 10 Comments)
Hands-on with Sprint's Touch Pro (33 days ago - 112 Comments)
The Sony Ericsson XPERIA X1, unboxed at last (3 days ago - 23 Comments)
Latest spy shots show AT&T Fuze defaced with carrier's logo (2 days ago - 12 Comments)
LG CT810 "Incite" for AT&T gets pictured, we think (Yesterday - 9 Comments)

Subscribe to these comments

Reader Comments (Page 1 of 1)

Neutral

Eric Will @ Jan 2nd 2007 3:52PM

"Virii" is not a word. It does not make you look cool. Viruses is the plural form of virus. That's it. "Vir" is Latin for man, "viri" is Latin for "men."

http://en.wikipedia.org/wiki/Plural_of_virus

Neutral

TheOneAboveAll @ Jan 2nd 2007 4:28PM

1. "Virii" is not a word. It does not make you look cool. Viruses is the plural form of virus. That's it. "Vir" is Latin for man, "viri" is Latin for "men."

http://en.wikipedia.org/wiki/Plural_of_virus

Eric my friend, you are a worm...

Neutral

LG @ Jan 2nd 2007 9:15PM

Ummm...And who uses WM03 anymore? Hell, Crossbow is already out. And I'm assuming that it doesn't have this sploit.

So, I have to ask, who cares? Why would MS update such an old OS? Do they update 98 anymore?

Neutral

Convergenista @ Jan 2nd 2007 11:07PM

Scientific American has a good article this month about these scary little suckers. But could we rework the anti-virus business model for smartphones & pocket pcs? I think the handset manufacturer should be responsible for making up-to-date anti-virus software available. Anyone agree?

Neutral

psxp @ Jan 3rd 2007 12:01AM

MS are C*nts.. they never listen.. fark them!

Neutral

MountainDrew @ Jan 3rd 2007 9:40AM

Well, it's a good thing the Rogers Wireless (Canada) hasn't been able to figure out MMS on Windows Mobile devices. It's never worked at all, so I guess I'm safe...

Add your comments

Your comments:

Remember me

E-Mail me when someone replies to this comment

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.

Japanese hardware sales, Sept . 29 - Oct. 5: Tomorrowland edition Weekly Webcomic Wrapup thinks brevity is the sole of wit Space Oddity: Lord British pays $30 million for trip to International Space Station	13 Great Free Backup Programs for Windows, Mac, and Linux On the cutting edge of geolocation with Mozilla Labs' Geode Firefox for Windows Mobile images surface
Study shows 43% of college women prefer Macs Reminder: Talkcast tonight at 10 Eastern Get into the Halloween spirit with a screen saver	Entrepreneur's Journal: Supercharge your website with search engine optimization (SEO) McCain stock: Invest in the high-tech value chain Molex Obama stock: Cardinal (CAH) delivers on health care promise
Deals: Gift card with Dead Space, B2G1 at Toys R Us and more Soulja Boy calls out Xbox Live gamers Activision calls in the budget Secret Service	Clarkson doesn't hate all American cars, recommends CTS-V for the Stig What recession? Daimler adding 1,000 to payroll next year GM/Cerberus talks over full ownership of GMAC
The Best of Big Download: October 6-12 Yep, more BlizzCon Blizzard looking to "monetize" Battle.net in the future	Packers 27, Seahawks 17: Quarterback Family Tree Tomfoolery, Kornheiser Style Eagles 40 49ers 26: Donovan McNabb No Longer Embarrassed Vikings 12, Lions 10: Can We Fire Childress Anyway?