T-Mobile highlights MMS phone flaw

News

T-Mobile highlights MMS phone flaw

T-Mobile International has confirmed that a software flaw in Panasonic's GD 87, a multimedia-messaging phone, enables the handset to access payable services without user permission.

"We detected the problem when we tested the Panasonic phone, and we decided not to include it in our product offering," said T-Mobile spokesman Philipp Schindera. "In a worst-case scenario, a customer who leaves his or her phone on all night could rack up a pretty hefty phone bill from connection fees or content charges."

The problem centres on the WAP (Wireless Application Protocol) push feature included in the company's Internet messaging service. The standardised feature allows a third party to use the handset to dial the number of a Web service, which could be billable.

Rival Vodafone D2, which selected the GD 87 as one of three handsets with MMS (Multimedia Messaging Service) capability, is adding "additional" security mechanisms in its network, said company spokeswoman Amelie Döbele.

Asked whether the Panasonic product marketed by Vodafone allows third parties to send commands to Web sites offering payable content without user permission, Döbele said: "This is a theoretical possibility, but anyone who would want [to misuse the service] would need the phone numbers of users, and we don't have very many of these handsets on the market yet."

Vodafone is in talks with Matsushita, the manufacturer of Panasonic handsets, about the WAP-push feature.

A Matsushita spokesman in London said he was aware of an issue in Germany but declined to comment further.

Last month Vodafone launched its Live service, featuring MMS, e-mail and other Internet services. For the service, Vodafone is marketing the Panasonic product and two other MMS-capable handsets - the 7650 model from Nokia and GX10 from Sharp.

T-Mobile, which has a competing MMS offering, supports the WAP-push feature, but the handsets it markets, such as Nokia's 7650, require customers to activate the feature themselves, said Schindera.

Users must also confirm all commands being pushed to their handsets before these can be executed, he added.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy