This latest security vulnerability hits along the same lines as the recently fixed Nokia “Curse of Silence” bug that caused S60-based smartphones to stop accepting SMS text messages upon receiving a specifically formatted text message. A new security hole has been found to affect some Sony Ericsson handset that allows some malicious ne’er-do-well to force a hardware reboot with a simple text message.
Mobile security researchers at Mobile Security Lab have discovered a vulnerability that “allows an attacker to remotely reboot a vulnerable [Sony Ericsson] handset by sending a malformed WAP Push message” Even worse, the WAP Push message can be delivered via SMS text message. The messages are buffered by the wireless carrier while the handset is powered off, waiting for the handset to receive the malicious text message and reboot again. Picture your Sony Ericsson handset rebooting endlessly for no apparent reason. Not good.
The following handsets are proven to be vulnerable to this “WAP Push message denial of service attack:”
Handsets based on the same platforms as the listed hardware are also assumed to be vulnerable. So, watch yourselves!
Unfortunately, there is no known solution or fix at this time.
The video below shows just how bad it can get.