Windows phone 8 malware...created by a 16yr old MCAD

SteveLord

Windows Phone 8 malware? This teen hacker claims to have created a prototype | Naked Security

A teenage hacker prodigy in India claims to have developed a prototype of malware that will run on smartphones running Microsoft's new Windows Phone 8 operating system - the first known instance of Windows Phone 8 malware.

Nice.

Who wants to get a W8 phone anyway? Their marketshare continues to dwindle and every new OS is suppose to be the revolutionary one to get them back in the game.

undomiel

I actually do think Windows Phone 8 looks pretty snazzy. I've been considering shifting over to it from Android. It'll be interesting to see how this malware proposes to propagate.

tpatt100

Did anybody actually think there was never going to be malware on a new mobile OS? lol

I think we are going through the Windows 95 days of mobile devices where people don't think too much on security, the developers don't either. Eventually the OS developers will improve the situation and users will realize or get scared of installing anything on their phone.

Webmaster

undomiel wrote: »

I actually do think Windows Phone 8 looks pretty snazzy.

So do I, not ready to ditch my iPhone yet, but besides a few exceptions, and before iPhones, I always had a Nokia phone and I think I'd actually like the combi of Windows 8 phone+tablet+pc. I'd be surprised if they don't gain a serious share of the market eventually. A Windows phone may not seem that attractive to android users who already have a very decent phone anda bunch of apps they are used to, but there are many simple/old/cheap prepaid droid phones out there that don't compare to the new Windows 8 phones except for the low price.

With the Surface RT and other ARM-based tablets added to the mix it's a platform that developers can't ignore so I have no doubt there app store will eventually be able to compete as well.

The article refers to the kid as the "youngest ethical hacker" and MCAD in India - not sure what's ethical about waiting till later this month to disclose the info during a presentation without informing MS about the details allowing them to fix it.

Iristheangel

I like the Windows 8 phone a lot. I'm not as worried about the whole security breach as I can't point to an existing mobile OS that hasn't been hacked. I mean... how many times have hackers found flaws on iPhone to turn on the microphone and camera remotely? Or malware on Android phones? Let's not even talk about how insecure GSM networks are. My point is this: Everything gets hacked. We would all be phoneless and computerless if we stopped shopping because of the latest malware or hacking story.

As far as the W8 phone appeal, I agree with you, Webmaster. I am intrigued but, ironically, a phone is a bigger commitment to me than a laptop or tablet and I just bought a Galaxy S3. I usually end up keeping them around until my contract renews. One BIG thing I like about the Windows 8 devices is the aspect of a "unified app store." I have no doubt this concept will cause some great growth overall within the store. We'll see what happens but I'm not going to quickly discount the phone.

Ahriakin

I think the main area Windows8 Mobile could take off is in the enterprise. With Blackberry dying a slow death enterprises are having to adopt BYOD whether they like it or not. If Msoft can provide a good popular device for the end user that can also integrate with their Enterprise model it could do pretty well.

ptilsen

Iristheangel wrote: »

I mean... how many times have hackers found flaws on iPhone to turn on the microphone and camera remotely?

Actually, the iOS flaws have not been to the same extent that Android and Windows phone have. The only camera flaw I'm aware of and can find was the ability to get through the lock screen to access it. It was not vulnerable to malware from a web page or any other remote exploit. That's not to say it's perfect. There have been vulnerabilities in other areas, and malware apps on the app store, but not to the extent you'll see on Android. The technical controls on iOS are legitimately better, as all apps are sandboxed. Outside of malware apps or integration between a vulnerable app and others, there simply aren't many attack vectors on iOS. Windows Phone and Android both have the web browser as an attack vector as, to my knowledge, the web browser and other apps are not sandboxed the way they are in iOS.

That's not to say it is impossible to break the sandbox using technical measures (as opposed to what I described with the App Store and inter-app connectivity, which would not be technical measures), but it's hard to deny that it's a very good security mechanism that makes it a legitimately more difficult target than Android (with its open app access) and Windows Phone (with browser and other apps having more direct OS integration and no sandbox). This is in contrast with the typical Windows vs Mac OS debate -- there aren't significant technical aspects of Mac OS that make it more secure, and by most accounts it's less secure, but less targeted due to market share. I don't believe that's what we'll see in the phone market -- iOS is legitimately harder to target, and with Android phones being comparably easier and more common, it makes a better overall target.

I agree, everything will be hacked, but that's not to say being harder to hack or less commonly hacked is not a good feature in a phone.

I'm interested to see where Windows Phone goes as a platform, but I'm not betting on it right now. The interface is clean, but not as intuitive as I'd like. The quality of the platform is still not as established in comparison to iOS, Android, and even BB10/QNX. Apps are a big problem, but I do think Microsoft is doing the right things to attract developers. Overall, I think it will be hard to take significant market share from iOS and Android. It will take a killer phone and some great apps to even allow for people to switch. Microsoft and RIM both have uphill battles.

petedude

undomiel wrote: »

I actually do think Windows Phone 8 looks pretty snazzy.

They sound pretty capable, and the perceived IT geek cred is palpable. I do think, though, most of the world will simply shrug and continue buying Android/IOS phones. M$ is bringing in their new toys at simply too high a price point, and most people will view them as an also-ran because they took too long to get to market.

Iristheangel

@Ptilsen - Yeah, the Pwn2Own contests in 2009 and 2010 showed some flaws that allowed SMS to be accessed remotely and the microphone turned on as well. There was a famous Black Hat presentation a few years back about another hack that made an attack able to fully control your iphone by sending code through SMS. Here are the white papers on it: http://mashable.com/2009/07/30/iphone-hack/ and there have been a ton of other hacks since then but I don't want to turn this into a "which OS is more secure" thread because the iphone would probably top out there.

But you're generally right - iPhone has a generally good security kernel and I wasn't meaning to generally diss the iPhone's entire security altogether. My point is that dismissing a product or whole line of products after the first exploit is premature

tpatt100

I really need to quit using financial apps on my phone.....

ptilsen

Iristheangel wrote: »

But you're generally right - iPhone has a generally good security kernel and I wasn't meaning to generally diss the iPhone's entire security altogether. My point is that dismissing a product or whole line of products after the first exploit is premature

I'll definitely agree there, and I hope that no one is doing that with Windows Mobile. I expect it will be a reasonably secure platform overall, but in the short term a few vulnerabilities aren't going to be a surprise or a deal-breaker.

tpatt100 wrote: »

I really need to quit using financial apps on my phone.....

Your phone is probably no less secure than your computer. Your computer could be compromised any day with a browser exploit. They're frequent and nearly impossible to prevent. Outside of taking some crazy precautions (ie using a VM just for financial site access and reverting to a snapshot after every use), you're not going to be any more secure on a desktop operating system than a mobile one.

SteveLord

Iristheangel wrote: »

My point is that dismissing a product or whole line of products after the first exploit is premature

I thought the article was interesting, with regards to the young hacker and WP8's infancy. Not meant to take a jab at Microsoft....this time anyway.

Trust me, I diss Windows and Blackberry phones without even considering exploits at all. And I promise you almost nobody factors these in when purchasing them anyway.