Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

MMS Exploit Released for Windows Mobile – No Patch Available

Created: 30 Dec 2006 08:00:00 GMT • Updated: 23 Jan 2014 18:53:56 GMT
Ollie  Whitehouse's picture
0 0 Votes
Login to vote

Collin Mulliner gave an updated version of his presentation at 23C3 in Berlin titled ‘Advanced Attacks Against PocketPC Phones’ (we originally blogged about it in August). As I previously mentioned, one of the vulnerabilities he discussed had, to my knowledge, still not been patched. Well Collin confirmed this in his presentation and also released a working exploit for the vulnerability to liven things up a little.

So let’s summarize:
• There has been a publicly disclosed vulnerability for over six months now.
• There is no patch for this vulnerability.
• There is an exploit now out there.
• There is no easy way to patch the vulnerable devices due to the lack of auto updates (try explaining what a firmware update is to your parents).

Now what can we do about this? Well, Collin summarizes the following defense points in his presentation:
• WLAN notification flooding denial of service
o Packet filter / firewall on phone

• MMS message-based attacks (the SMIL exploit)
o IDS / “AntiVirus” on phone
o Mobile phone service provider based IDS / “AntiVirus”

• General SMS/MMS Service Provider Measures
o Filter binary SMS that carry MMS MNotification.ind

• Install firmware updates when available!!!

These pretty much summarize the key points; however, Collin also mentions in his presentation, “User only needs to view the message to trigger exploit.” So I would add, only view MMSs from trusted sources.

On that note, Happy New Year everyone! And remember, just because it doesn’t look like a computer doesn’t mean it can’t be owned.