Details are murky but according to the site Naked Security, a young “ethical hacker" named Shantanu Gawde has created the world’s first Windows Phone 8 malware. The program can reportedly “…steal contacts, upload pictures and steal private data of users, gain access to text messages etc." and details about the exploit will be revealed at the Malcon security conference in New Delhi, India, later in November.
Gawde is evidently a well-known computer prodigy, being the world's youngest Microsoft Certified Application Developer (MCAD) at age 16. What is more impressive is that he earned that designation when he was aged 7. Microsoft has been made aware of the presentation but not the details and are promising action upon any weaknesses found, should they be revealed as legitimate concerns.
Windows Phone 8 is theoretically more secure than its predecessor due to secure boot and native 128-bit Bitlocker encryption though there is one area where a potential hole can be exploited: sideloading XAP files via the microSD card. Though most Windows Phone 8 devices don’t even have a microSD slot, in theory files can be loaded from the card via the Store app. The only other option would of course be an exploit via Microsoft’s Store certification overlooking a flaw or a weakness found in the browser.
We’ll just have to wait for Gawde to reveal his cards in a few weeks to see if this is a one in a million weakeness or something that every Windows Phone user should be concerned. Either way, no matter what happens we’re still confident that Windows Phone 8 is more secure than Android. And that platform’s security weakness has not hindered sales one bit.
Source: Naked Security