What is Microsoft waiting for?

Jan 2, 2007 15:26 GMT  ·  By

The MMS exploit available for Windows Mobile targets a vulnerability that was reported more than half a year ago, according to Symantec. Back in August 2006, Collin Mulliner from the Trifinite Group revealed that a malformed MMS message could permit an attacker to perform arbitrary code execution on a Windows Mobile device. Since then, Microsoft has failed to address the vulnerability, although Collin has confirmed it and also released a functional exploit.

Ollie Whitehouse, a Symantec Security Response Researcher summarized the situation:

- There has been a publicly disclosed vulnerability for over six months now.
- There is no patch for this vulnerability.
- There is an exploit now out there.
- There is no easy way to patch the vulnerable devices due to the lack of auto updates (try explaining what a firmware update is to your parents).

As a firmware update from Microsoft is not available, Collin presented the following workarounds:

- WLAN notification flooding denial of service: packet filter / firewall on the phone.
- MMS message-based attacks (the SMIL exploit): IDS / "antivirus" on the phone; mobile phone service provider based IDS / "antivirus".
- General SMS/MMS service provider measures: filter binary SMS that carry MMS M-Notification.ind.
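The provider-side filter in the last workaround, as an added example that is not from the article or from Collin Mulliner's work: it checks whether an SMS's user data is a WAP push to port 2948 whose WSP body is an MMS PDU of type m-notification-ind. The port, content-type and header codes are the standard WAP/MMS encodings; the sample byte strings are constructed, and the function assumes the SMSC has already extracted the user data (with UDH) from the SMS PDU.

```python
# Added example: a carrier-side filter for the last workaround above, flagging
# binary SMS that deliver an MMS M-Notification.ind via WAP push. Assumes the
# SMS user data (UDH + WSP push PDU) has already been extracted from the SMS PDU.
WAP_PUSH_PORT = 0x0B84        # destination port 2948 (connectionless WAP push)
WSP_PDU_PUSH = 0x06
CT_MMS_MESSAGE = 0x3E         # WSP well-known type application/vnd.wap.mms-message
MMS_MESSAGE_TYPE = 0x8C       # X-Mms-Message-Type header (0x0C with high bit set)
MMS_NOTIFICATION_IND = 0x82   # m-notification-ind

def _read_uintvar(data: bytes, pos: int):
    """Decode a WSP uintvar: 7 bits per byte, MSB set means more bytes follow."""
    value = 0
    while pos < len(data):
        b = data[pos]
        pos += 1
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            return value, pos
    raise ValueError("truncated uintvar")

def is_mms_notification(user_data: bytes) -> bool:
    """True if user_data is a WAP push to port 2948 carrying an m-notification-ind."""
    if len(user_data) < 2:
        return False
    udhl = user_data[0]
    udh, body = user_data[1:1 + udhl], user_data[1 + udhl:]
    dest_port, i = None, 0
    while i + 2 <= len(udh):                 # walk the UDH information elements
        iei, iel = udh[i], udh[i + 1]
        if iei == 0x05 and iel == 4:         # 16-bit application port addressing
            dest_port = int.from_bytes(udh[i + 2:i + 4], "big")
        i += 2 + iel
    if dest_port != WAP_PUSH_PORT or len(body) < 3 or body[1] != WSP_PDU_PUSH:
        return False
    try:
        hdr_len, pos = _read_uintvar(body, 2)  # HeadersLen covers ContentType + Headers
    except ValueError:
        return False
    if pos + hdr_len > len(body) or body[pos] != (0x80 | CT_MMS_MESSAGE):
        return False                          # only the short-integer content-type form is handled
    mms = body[pos + hdr_len:]
    return len(mms) >= 2 and mms[0] == MMS_MESSAGE_TYPE and mms[1] == MMS_NOTIFICATION_IND

# Constructed samples: UDH (port 2948) + WSP Push + MMS header X-Mms-Message-Type.
UDH_WAP_PUSH = bytes.fromhex("06 05 04 0B 84 23 F0")
WSP_PUSH_MMS = bytes.fromhex("01 06 03 BE AF 84")   # TID, Push, len=3, mms-message, app-id mms.ua
NOTIFICATION_SMS = UDH_WAP_PUSH + WSP_PUSH_MMS + bytes.fromhex("8C 82 98 31 00 8D 90")
RETRIEVE_CONF_SMS = UDH_WAP_PUSH + WSP_PUSH_MMS + bytes.fromhex("8C 84 8D 90")
```

A production filter would also have to reassemble concatenated SMS segments and handle the long-form content-type encoding before the check above applies.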

According to Collin, a Windows Mobile user needs only to view a malicious message for the exploit to succeed. Microsoft has failed to comment on the situation in any manner.