MMS Exploit Released for Windows Mobile – No Patch Available
Collin Mulliner gave an updated version of his presentation at 23C3 in Berlin titled ‘Advanced Attacks Against PocketPC Phones’ (we originally blogged about it in August). As I previously mentioned, one of the vulnerabilities he discussed had, to my knowledge, still not been patched. Well Collin confirmed this in his presentation and also released a working exploit for the vulnerability to liven things up a little.
So let’s summarize:
• There has been a publicly disclosed vulnerability for over six months now.
• There is no patch for this vulnerability.
• There is an exploit now out there.
• There is no easy way to patch the vulnerable devices due to the lack of auto updates (try explaining what a firmware update is to your parents).
Now what can we do about this? Well, Collin summarizes the following defense points in his presentation:
• WLAN notification flooding denial of service
o Packet filter / firewall on phone
• MMS message-based attacks (the SMIL exploit)
o IDS / “AntiVirus” on phone
o Mobile phone service provider based IDS / “AntiVirus”
• General SMS/MMS Service Provider Measures
o Filter binary SMS that carry MMS MNotification.ind
• Install firmware updates when available!!!
These pretty much summarize the key points; however, Collin also mentions in his presentation, “User only needs to view the message to trigger exploit.” So I would add, only view MMSs from trusted sources.
On that note, Happy New Year everyone! And remember, just because it doesn’t look like a computer doesn’t mean it can’t be owned.