security

While there is a lot to look forward to with Windows Phone 8, some of the changes may not be as noticeable but no less important. Windows Phone 8 will have a number of significant changes under the hood to bolster the security of the platform.

Windows Phone 8 will have device encryption throughout the entire device including the OS and its applications. Designed along the same lines as Windows 7 PCs, encryption kicks in as soon as you power up the device. This system, based off of Bitlocker (but adapted for Windows Phone) was something first reported on back in February as an early rumor.

BitLocker is a logical volume encryption system that is present in Windows 7 and will be present in Windows 8.  BitLocker is designed to protect data by providing encryption for entire volumes or drives within a computer to protect the integrity of a trusted boot path.  The main difference between the PC version of encryption and what we will see on Windows Phone 8 is that the encryption keys are not manageable on our Windows Phone as they are on desktops or laptops.

More →
8
loading...
0
loading...
0
loading...
0
loading...

Online ads can be annoying and it appears Microsoft is working on a way to focus these ads more towards your likes and away from your dislikes. We ran across the Microsoft Personal Data Dashboard that will let you filter out the unwanted ads and let those you might be interested in through.  These filters will likely impact ads you see over on Outlook.com and on your Windows Phone.  

The Dashboard has several sections or tabs with the main tab reflecting your Windows Live Profile. Additional sections include: 

My Data: Here is where you can tag your interests and dislikes from a wide variety of topics. You can also narrow down your likes and dislikes to the brand names of products.

The My Data page also lets you view your Bing search history and any Microsoft Newsletters you are currently subscribed to.

More →
2
loading...
0
loading...
0
loading...
0
loading...

Software piracy is a serious battle, which can also affect our beloved platform developers. Microsoft has taken action by automatically applying encryption to all apps through the newly unveiled Dev Center. According to a detailed post on the Windows Phone Developer Blog, Todd Brix states that all apps (including those already submitted) are automatically encrypted without user input.

We first heard about the possibility of server-side encryption back in November, 2011. From our understanding, Microsoft was waiting until everyone was on Mango to implement that feature and it now looks to have happened. If you recall, at the end of April Microsoft decreed that you had to have Windows Phone 7.5 to get to the Marketplace. Combined with the Dev Center refresh, we think that transition for encryption is now complete.

More →
4
loading...
0
loading...
0
loading...
0
loading...

Last week we reported WhatsApp had disappeared from view on the Windows Phone Marketplace (it was actually set to private), and were awaiting official clarification on the matter. Turns out, according to a report over at MonWindowsPhone, the app has a serious security flaw, which requires the team to pull the app and look into the problem. An update is well on its way.

The app enables Windows Phone owners to send messages to other devices and is available for multiple platforms. German website ComputerBild reported that an Android app, called WhatsAppSniffer, allowed users to access messages sent using WhatsApp on a WiFi network. The developers of the popular messaging service are patching the app due to it sending  messages via XMP protocol and in plain text.

We'll keep you posted and will announce when the app is available on the Marketplace with the patch bundled in an update for existing users. In the meantime, you can checkout some early images of the Windows Phone 8 version of WhatsApp.

Update: We've received word from a WhatsApp employee stating the following in an email,

"This has nothing to do with security. Please don't spread mis-information."

Take it as you will. We'll look forward to more information and possible clarification. Until then, WhatsApp is not available until the promised update is released to the Marketplace.

via: MonWindowsPhone

More →
0
loading...
0
loading...
0
loading...
0
loading...

With the launch of Microsoft's Outlook.com, many have been questioning security features of the new email service. The most dominant topic is the limit of 16 characters for passwords. This is a limitation that was also present in Hotmail / Live and has been brought forward into its successor (due to Microsoft's login system). We'll take a look at this issue as well as a quick overview of additional security measures Microsoft has implemented to keep your emails safe.

More →
3
loading...
0
loading...
0
loading...
0
loading...

A few days ago, questions were raised over Skype's security in that Microsoft is reconfiguring the Skype network to allow Law Enforcement Agencies can have access to intercept calls. Mark Gillett, Skype's Chief Development and Operations Officer, responded to these concerns today.

With regards to the claims Skype has made changes in its architecture to provide Law Enforcement Agencies have greater access to Skype communications, Gillett says that this is false:

"The move was made in order to improve the Skype experience, primarily to improve the reliability of the platform and to increase the speed with which we can react to problems. The move also provides us with the ability to quickly introduce cool new features that allow for a fuller, richer communications experience in the future."

More →
1
loading...
0
loading...
0
loading...
0
loading...

Our audience is smart enough to know that no electronic system of communication is impervious to eavesdropping and there’s very little out there that’s near 100% secure. So it should come as no surprise that Skype is getting some publicity of its internal network restructuring that started occurring once Microsoft acquired the company last year.

The charge: Microsoft is reconfiguring the Skype network so that it Law Enforcement Agencies (LEA) can have access to intercept calls over the network to aid in investigations.

The reality is of course convoluted with no concrete evidence but it’s worth mentioning what exactly is going on here. So head past the break to get the scoop.

More →
3
loading...
0
loading...
0
loading...
0
loading...

There’s been a lot of news today—both for Microsoft and Nokia—so we’re going to just touch on a bit of that and also mention some other Microsoft stories that you may have missed. So here’s your roundup:

  • Microsoft wants you take your Xbox security seriously and posts tips on how to do that
  • Mark Penn, former advisor to President Clinton, will be a VP at Microsoft where he hopes to make Bing cool
  • Microsoft may have lost money this quarter but their consumer division is actually doing well

So head on past the break for today’s wrap up...

More →
0
loading...
0
loading...
0
loading...
0
loading...

MVP and frequent conference speaker David Rook, better known as SecurityNinja, gave an interesting presentation on security at Bsides London 2012. The chosen platform for discussion? Windows Phone. Rook goes into detail (it's an hour long presentation) about app and platform security. The talk covers Visual Studio, compiling code and how apps are ran within the OS.

While it's a fairly lengthy video, the talk is well worth checking out if you're interested in Windows Phone app development and security, or are wanting to know how everything works behind the doors.

Source: YouTube

More →
0
loading...
0
loading...
0
loading...
0
loading...

As we reported earlier this morning, Good Technologies was prepping to release their enterprise messaging app for Windows Phone, a big win for those who need security and a strong feature set for their device.

That app has now gone live in the Marketplace ready for download. We must emphasize: you need Good's back-end technology to run this as it is not standalone (think Exchange). From the app description:

"Good for Enterprise™ delivers secure mobile collaboration and device management for Windows Phone devices.  With Good for Enterprise, employees securely access corporate email, contacts, and calendar.  Good for Enterprise provides a unique, secure container that separates personal from business while respecting employees’ privacy – ideal for BYOD devices.  Unlike other solutions, only Good for Enterprise prevents data loss by providing security at the application layer (in addition to device security)."

We listed the full feature set earlier and needless to say, it's fairly comprehensive for a v1.0 release and what's more, Good promises more features in coming updates.

As noted in comments on our previous article, the main benefit for Good users is encryption of messaging, sandboxing of data and better security than Windows Phone or Exchange alone can offer (for now). Plus, with clients on the iPhone, iPad and Android it's nice to see Windows Phone on par with the competition.

Pick up Good for Enterprise™ for Windows Phone here in the Marketplace. Thanks, Munsey S., for the tip

More →
2
loading...
0
loading...
0
loading...
0
loading...

We don't recall seeing this at the insanity that was Mobile World Congress, but evidently on February 27th, Good Technology, who focuses on enterprise and security (and who used to be owned by Motorola) announced a partnership with Nokia to bring their "FIPS-certified 192 bit AES encryption and end-to-end mobile messaging" service to Lumia Windows Phones.

The service is set to roll out in Q2 2012, which means we should see this very soon. The press release goes on to detail the features coming to the Windows Phone app, which by the sounds of it will be only available in the Nokia Collection through the Marketplace:

"Employees will be able to access corporate email, contacts, and calendars through the Good for Enterprise application on their Nokia Windows Phone smartphones—just as they access Microsoft Outlook® or Lotus Notes® on desktop computers at the office—using the intuitive user interface with panorama and pivot views with which they are already be familiar. IT managers will be able to protect corporate data with data encryption and easy-to-apply policies, such as requiring passwords and preventing 'cut/copy/paste' capabilities from the Good for Enterprise app. They will also be able to establish role-based policies using web-based management tools and perform remote wipe of enterprise information only, leaving music, photos, and other personal data present elsewhere on an employee's mobile device intact in the event the mobile device is compromised, lost or stolen."

A big gap in Windows Phone services is actually in enterprise, specifically the lack of encryption on the device or secure, non-Exchange based messaging. Unfortunately, while many in IT departments want more advanced features on current Windows Phones, there seems to be no plans for an "enterprise update" for Windows Phone 7. Instead, Microsoft is putting off a major refocusing on this area till Windows Phone 8, expected in late 2012 (rollout early 2013) including 128-bit native BitLocker data encryption.

While Windows Phone 8 looks promising, this partnership with Nokia for the Lumia 710, 800 and 900 devices will offer a nice stop-gap for mid 2012 and another reason to "go Nokia". Combined with AT&T's recent secure-messaging software for Windows Phones, Lumia 900 owners will have no less than three enterprise-focused messaging solutions: AT&T's, Good Technology and of course Exchange. We think that's a pretty killer combo for IT departments.

Read the full press release after the break...Thanks, bilzkh, for the tip!

More →
0
loading...
0
loading...
0
loading...
0
loading...

Security firm CrowdStrike has identified a vulnerability that could allow attackers to seize complete control over a smartphone.  The hole could allow an attacker to gain access via Webkit-based browsers, which makes up the bulk of mobile web browsers.  The good news for Windows Phone users is that they are in the clear because Microsoft designed Internet Explorer themselves, opting not to use the Webkit platform.

George Kurtz, CEO of CrowdStrike, has tested this theory and has confirmed that Windows Phone, unlike iOS, Android and Blackberry, is immune to this threat.  Kurtz has not revealed the details of the vulnerability, but will be holding a demonstration tomorrow at a TSA conference.  For the time being, there is little that users can do to protect themselves.  Any fixes must come from the OS developers first, and then get pushed out to consumers.

Source: Zunited

More →
14
loading...
0
loading...
0
loading...
0
loading...

Here's an interesting little gem: On February 1st, AT&T pushed out a new app to the Marketplace called "AT&T Secure Messaging". Part of their new service, the app looks to be an excellent addition for Windows Phone users on the all-powerful network. From the app's description:

"AT&T Secure Messaging enables the exchange of encrypted messages between businesses, enterprises and government agencies who are using AT&T's Global Smart Messaging Suite powered by Soprano. AT&T Secure Messaging ensures your sensitive personal data is protected -  for example, a one-time password from your bank/online payment broker or a healthcare appointment reminder. Your secure messages are encrypted, then sent to the AT&T Secure Messaging mobile application and decoded, ready for you to read."

Fascinating stuff, especially for Windows Phone users in those key industries. For perhaps obvious reasons, we have no experience with AT&T's Global Smart Messaging Suite, but a quick trip to their site gives a plethora of details on the service which even regular consumer can opt-into (for a hefty price):

"The AT&T Global Smart Messaging Suite is a powerful web-based application designed for large enterprise messaging and communication. The AT&T Global SMS service enables 2-way communication (via SMS or e-mail), and can reach employees and opted in consumer subscribers at most wireless carriers globally. AT&T can help organizations get started using domestic short codes for cross-carrier SMS messaging, and the AT&T platform can also be extended on a global scale for messaging to employees and consumers worldwide."

Think of it as an in-house messaging service akin to Exchange. This push by AT&T into secure message delivery seems to be relatively new. A quick glance on YouTube shows a recently uploaded video detailing how this service can benefit the healthcare industry like hospitals in protecting vital doctor-patient data. Of course in the demonstration Android and RIM are shown using the service but it's now clear that AT&T also intend for Windows Phone to be there too as the app and service are both ready to use. That's good news as this could be a big area for AT&T to be entering especially as institutions look to support the many different devices of their end users.

If you're on AT&T you can find the app here in the Marketplace. QR code and video demonstration of the service can be found after the break. Thanks, Ben H., for the find!

More →
2
loading...
0
loading...
0
loading...
0
loading...

Tango, the cross-platform video calling application, appears to following in the footsteps of iPhone's Path application when it comes to the poor management of private account data. (Not to be confused with the Windows Phone update, codenamed Tango.) Today, a reader wrote in detailing how the PC client (version 1.6.14117 at time of writing) allows one armed with simply a mobile number access to any Tango user's contact data -- and account -- by simply using the application in a specific manner. While we won't share exact details, we must admit it's not hard to figure out. And just a few months ago, Tango was discovered to be downloading contact details without permission.

Using the steps provided, we were able to download a colleague's Tango contact data, make Tango calls, and manage account details with ease. This possibly indicates that Tango's security code-based account validation is simply an arbitrary client-side check -- a big no-no.

Update: Tango let us know the issue has been fixed and an update has been pushed out to users. Kudos to the Tango team for the quick response.

More →
0
loading...
0
loading...
0
loading...
0
loading...

Microsoft Store India has come under attack by hackers raiding under the banner of 'Evil Shadow Team', WPSauce has reported. The website was defaced yesterday with the above image replacing access, which was achieved by redirecting visitors to a file the team uploaded -- evil.html. The message is clear from the attack: "Unsafe system will be baptized."

For now the website is offline, presumably while Microsoft investigates what exactly went wrong and suggesting the software giant has regained control.

"The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologise for any inconvenience this may have caused."

Customers of the online store have been strongly urged to change their passwords once the site comes back online as Quasar Media, the online marketing agency that maintains the website, decided it would be a great idea to store user credentials and personal information in plain text - an obvious insecure practice.

While one could argue that it's in the interest of the customers to know that their details are not being stored securely, another could counter with stating that the attack, which has no known motive, was not required. 

Source: WPSauce, Hackteach, thanks for all the tips that were sent in!

More →
0
loading...
0
loading...
0
loading...
0
loading...

Security Toolkit (our review) is an app that enables the user to turn their Windows Phone into a mobile security system. From motion sensor capabilities to an intrusion alarm, Security Toolkit certainly is a neat app to play with. The app has recently been updated to 1.6. A brief list of a hundful of improvements implemented in the latest version:

  • WebCam Viewer - view a PC (live) connected webcam over local WIFI (auto discovered Cam Broadcaster is available as a separate app.)
  • Voice Recorder - voice recorder with silence detection and skip, start/stop/pause/resume recording using phone camera button, remote listen/record from PC console via local WIFI
  • Image quality improved for Cam Broadcaster

You can download Security Toolkit from the Marketplace for $3.99.

More →
0
loading...
0
loading...
0
loading...
0
loading...

Just a few hours ago we just posted on the 810x builds of Windows Phone and now Italian site Plaffo is noting that their LG Optimus 7 just received the very same update: OS build 8107. More exciting is the news that it came with a list of changes, most of which will make most folks very happy:

  • It solves a problem of the keyboard on the screen, preventing the keyboard to disappear while typing
  • Resolves an issue with syncing Gmail
  • It solves a problem of access to the location. After the upgrade, the function IO hub sends to Microsoft anonymous information contact the Wi-Fi access points and antennas for mobile phones in the vicinity, only if you have allowed access to and use of location information from part of the "I'm here."
  • Revocation of certificates issued by DigiCert Sdn Bhd to solve a problem of encryption
  • Fixes a problem with the e-mail related to Microsoft Exchange Server 2003. When you reply to or forward an email, the original message is now included in the response.
  • Fixes an issue of notification of voicemail

As you can see, this is a maintenance build, addressing many ongoing bugs and issues including the troublesome "disappearing keyboard" which plagues all Windows Phone Mango devices. That keyboard problem occurs when the on-screen keyboard will suddenly disappear when typing, due to certain background tasks "stealing" the focus, resulting in much user frustration. What is not clear, however, is what are the plans for Microsoft and the carriers for rolling this out. This looks to augment the 7740 OS package with even more fixes (if users don't have 7740, this new OS update will add those changes). Since US carriers skipped the 7740 build, they would seem obligated to roll this out to their customers.

In addition, since the Nokia Lumia 710 and 800 are running that update too, users of those devices should expect to see an update as well.

Once again, we expect more info about this OS build next week at CES but perhaps Microsoft will chime in on their blog before then with more details.

Update (6:08PM MST): Microsoft has sent us a statement:

Our engineering team has developed a service release which has been delivered to our carrier partners for their assessment. Details on specific improvements contained in these releases are available via the Windows Phone Update History page.

We're told the history page is lagging behind a bit but should reflect changes soon.

Update II: No shocker here, but the update doesn't fix the "SMS bug" according to Tom Warren who tested it. That's expected as it is not listed in the changelog.

Source: Plaffo

More →
0
loading...
0
loading...
0
loading...
0
loading...

We previously covered the "Windows Phone SMS bug" that would disable the messaging hub on the victim's handset, which was discovered (and reported) by Khaled Salameh. Just two days after the bug was made public by WinRumors, we learnt that Microsoft was looking into the issue. Today we have further news surrounding the bug, Salameh has been contacted by the Microsoft Security Team and informed that they've located the root cause and a fix is currently being tested.

While it's highly unlikely to affect users, it's good to know Microsoft is on top of potential security issues. Now we just need the disappearing keyboard to be looked at. We're getting there.

Source: Twitter (@KSalameh)

More →
1
loading...
0
loading...
0
loading...
0
loading...
4

Windows Phone Lock Screen version 2

We previously covered the Windows Phone Lock Screen wallpapers by AJ Troxell, which provided owners with an extra layer of protection should they misplace their phone. The wallpapers are customizable with editable files included in the pack so personal information can be added including name, email, number, etc.

As AJ is being non-secret Santa this year with 12 days of freebies, and because the lock screen wallpapers proved to be popular, he's released version 2 today. What's new? 4 styles, 43 backgrounds, 4 variations of complete icon sets, and comes in Photoshop and Illustrator formats. Head on over to AJ's site (link below) to download version 2 of this truly useful pack.

Source: AJ Troxell, thanks AJ!

More →
1
loading...
0
loading...
0
loading...
0
loading...

While it has practical applications, Security Toolkit for your Windows Phone is just a neat app to play with. It turns your Windows Phone into a mobile security system with alarms and surveillance abilities.  To do so, Security Toolkit makes use of your Windows Phone camera, microphone and Wifi.

Security Toolkit does go beyond the coolness factor by offering you a discreet, mobile security system.  While I can see Security Toolkit being featured on Hawaii Five-O to help McGarrett solve the next big case it can easily be used in every day adventures.  The motion camera can be used to see who's been sneaking into the break room refrigerator or while traveling to help keep an eye on your hotel room. The remote camera can be used to monitor your children playing in another room or for use as a baby monitor.  The motion alarm can be used to keep your Windows Phone safe from curious hands.  

More →
2
loading...
0
loading...
0
loading...
0
loading...

Pages