Some modern phones do a pretty good job of rebooting at random on their own without additional assistance from miscreants, but unfortunately, the real world is filled with people who’d like to make your gadgets just a little bit buggier than they already are. Enter this nifty little vulnerability recently discovered to affect a good number of Sony Ericsson models, involving a specially crafted WAP Push message carried via SMS that’ll instantly restart the phone. That’s not the best part, though – in theory, an attacker could send you a string of these bad boys that would get queued up by your carrier, so the second the phone comes back online, it gets the next message and restarts once again – potentially leading to a long, painful spell without a usable handset. Apparently, there isn’t any known fix for this, so if you’re carrying one of the affected models, just stay on the good side of any evil-doers you happen to know for now, okay? Follow the break for a video of the restarts in action (we understand the outgoing calls are just to demonstrate that the attack can be initiated at any time, though we can’t say for sure).
The vulnerability is caused due to an error in the processing of WAP Push packets, which can be exploited to reboot or crash an affected device e.g. via a specially crafted SMS or a specially crafted UDP packet to port 2948.
The vulnerability is reported in the following products: