Picture message phone attack warning

MMS (multimedia messaging service) messages from unknown sources should be treated with caution, security researchers have warned.

The warning comes after it was discovered that cybercriminals had found a new way to attack some mobile phones using picture messages.

Security firm F-Secure said that the attack vector allowed cybercriminals to disguise the origin of the attack.

"An attacker can create a MMS message that cloaks the sender number. This could essentially give people who send threats, scams and spams a free pass, as it negates any worries about their numbers being reported/exposed," F-Secure said in a statement.

It is believed that with less risk of being discovered, cybercriminals could increase the volume of attacks using this method.

Read Web User's security guides

The flaw, which affects some BlackBerry devices as well as the Windows Mobile operating system and some Sony Ericsson handsets, takes advantage of configuration settings to automatically download an infected file.

"If the receiving device MMS client is configured improperly this could lead to automatically download whatever content is specified in the content URL," the original security advisory notice reads.

"MMS clients which do not allow access to content URLs other that the providers MMS proxy should be safe from the content, but are still vulnerable to the sender obfuscation," the advisory continued.

The vulnerability was originally discovered by researcher Michael Mueller. There are no known fixes or workarounds for the problem as yet.